Another Malware ‘MacGuard’ hits Mac OSX, bypasses password


It looks like virus and malware writers are ready to bust the myth among Mac users that they are not prone to virus and malware attacks. Almost all Mac users believe that they are immune to viruses, malware attacks, etc., and that only Windows users need to worry about these things. That myth has started to crumble after the recent Macdefender malware attack on Mac OSX and Apple’s release of a how-to guide on avoiding or removing the Macdefender malware. It doesn’t stop there: another Macdefender variant, Macguard, has now hit Mac users.

Security firm Intego discovered that Macguard uses a downloader installation package called avSetup.pkg, which after installation downloads a payload from a web server. All this happens when a user visits a specially crafted web site. While users browse the Internet, a pop-up window appears on the screen warning that the computer is infected with a virus. To get rid of the virus, users are advised to download the so-called Apple security center.


This variant of Macdefender doesn’t require an administrator’s password to install itself. As the majority of Mac users are logged in to their Mac with an administrator account, no password is needed to install it in the Applications folder.

The second part of the malware is a new version of the MacDefender application called MacGuard. This is downloaded by the avRunner application from an IP address that is hidden in an image file in the avRunner application’s Resources folder. (The IP address is hidden using a simple form of steganography.)

You can use the same removal method as for the Macdefender malware to remove MacGuard too. Apple said that they will be releasing an iOS update soon to fix the vulnerabilities.

Does all this indicate we may soon start to see antivirus solutions being installed on every Mac? What’s your take on all this? Post your opinion and feedback in the comments section.

via: Intego Blog
