New Mac Defender Variant Bypasses Apple’s Security Update
Yesterday we reported that Apple had released the Security Update for Snow Leopard users to automatically find and remove the known variants of the Mac Defender malware. Apple enables OS X to update its malware definitions daily so that new versions of Mac Defender and other malware are discovered and removed. Despite Apple’s efforts, a new variant of Mac Defender has been found that circumvents the new security update and works exactly like Mac Defender.
The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code. The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.
Some analysts suggest that this is only the beginning and that Apple will soon have to address new variants of the malware.