MacDefender undergoes a name change, MacShield

MacDefender undergoes a name change, MacShield

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache. The UI is essentially unchanged, but as usual all

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache. The UI is essentially unchanged, but as usual all

The MacDefender malware has morphed again, now taking the guise of "MacShield."   As in the case of its oldest sibling MacDefender, the MacShield variant has taken the name of a legitimate Mac OSX software product with small distribution, doubtless causing the real developer significant heartache.

The UI is essentially unchanged, but as usual all of the dialogs and alerts have been updated with the new naming:

 

The UI contains the typical reassuring gibberish bragging about 250 "specialists" working in "more than 10 countries," and a database that includes "almost all known dangerous software." With all that expertise on-hand, it's rather surprising that doesn't detect itself as malware.

To lure MacShield follows the same scareware tactics as the MacDefender malware.  The risk of infection can be reduced per the comments in my earlier blog, and removal of the malware follows the exisitng guidelines published by Apple or in our KB article here.

ESET Cybersecurity detects the MacShield variant as OSX/Adware.MacDefender.K.

 

 

 

 
 
 
 
 
 
 
 

Discussion