Hi Mac Users!
This weekend, I was doing a Google image search looking for butterfly icons (don’t ask). I found an image I liked on Google image search and clicked on it. With just this one simple click, I was able to experience how this new Mac malware tried to infect my computer. I documented it just for you, my loyal readers.
Here is my initial Google image search for “Butterfly”. I found the icon I wanted and clicked on it.
I also noticed that a file called “anti-malware.zip” downloaded to my Downloads folders without any action from me besides clicking on that butterfly icon. After the “virus scan” on my Mac, the web page looked like this.
Notice how the web page is designed to look like a Finder window, complete with the sidebar. Clicking anywhere on this web page downloaded the “anti-malware.zip” file. After I was done playing with this page by clicking around it, I had downloaded the zip file ten times.
So, pretty interesting, huh? In Safari, I don’t have it opening “Safe” files after download, so the infected web page just kept downloading the “anti-malware.zip” file whenever I visited this web page. That is all I needed to do to keep me safe. I went ahead and clicked on the file and instead of MACDefender, the software it wanted to install was “Mac Protector”. I found another piece of malware!
Even though I happened across this trickery, I just deleted the malware and moved on. Here is the thinking that stopped this malware in it’s tracks.
- Turn off “Open safe files after downloading”. You can do this by going to your Safari preferences and unchecking that box in the General preferences. After you turn it off, items you download from the Internet will go into your “Downloads” folder (or whatever folder you told Safari to download files to) and you will have to manually double-click on them to open them. Firefox users are always asked what to do when a file is going to be downloaded from a web page.
- Don’t trust the Internet! It doesn’t matter what you do, the Internet is not safe and it is not private. As soon as the web page started “scanning” my computer, I knew it was a hoax. First off, it was a web page and it started accessing my computer without any warning. A legitimate website would at least ask my permission.
- Be mindful of what you are downloading and what is being installed on your Mac. The Mac will not just install software without you initiating it or confirming it. If I had Safari opening safe files, the malware “Mac Protector” would have tried to install. I would have been presented with the first step and just quit the installation.
Hopefully, these screenshots and my words will increase your knowledge and help you recognize these kinds of threats. We may be seeing more.