MacDefender undergoes a name change, MacShield

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache.

The UI is essentially unchanged, but as usual all of the dialogs and alerts have been updated with the new naming:


The UI contains the typical reassuring gibberish bragging about 250 "specialists" working in "more than 10 countries," and a database that includes "almost all known dangerous software." With all that expertise on-hand, it's rather surprising that doesn't detect itself as malware.

To lure MacShield follows the same scareware tactics as the MacDefender malware.  The risk of infection can be reduced per the comments in my earlier blog, and removal of the malware follows the exisitng guidelines published by Apple or in our KB article here.

ESET Cybersecurity detects the MacShield variant as OSX/Adware.MacDefender.K.





Author , ESET

  • Susan Coon

    Love this antivirus protection software.

  • Paul Collins

    Thank you for this valued information. I was getting all sorts of rubbish on my machine, but now it's clean. Many thanks.

    • Dan Clark

      You’re welcome!

  • joven embate

    thanks ESET for this info, now i'm more careful on downloading anything over the internet,
    and of course, my ESET NOD is always protecting my system, as always, :-)

  • Smalling7202

    One of the things I value is honesty. It is rare to find in this market

Follow us

Copyright © 2017 ESET, All Rights Reserved.