Malware for Macs is a rare thing. But there is one basic tenet to how bad guys think: they will go to where the richest bounty can be found. As the entire PC market shrinks, Mac computers sales are growing. That means they are becoming a more bountiful target for malware.
Apple does not seem to want you to know this. In recent weeks, a Trojan called Mac Defender has been infecting Mac computers through “poisoned” search links that install the malware. Mac Defender scans for personal information on your computer, including credit card numbers. According to ZDNet, Apple has instructed members of its support team to avoid telling users how to rid computers of the malware.
ZDNet reporter Ed Bott acquired the Apple document that outlines what support teams can and cannot do when handling a Mac Defender call. See below.
Sophos security analyst Chet Wisniewski weighed in on the matter on the company’s Naked Security blog: “Apple’s famous PR savvy apparently doesn’t apply to handling security incidents. It is genuinely tragic that such a large number of OS X users are falling victim to this scam, and Apple’s response is less than helpful.”
If these documents are real and Apple is indeed telling its support staff to avoid mentions of Mac Defender or how to get rid of it, it is a very curious move by the public relations staff in Cupertino. Apple is known for having good support, both from its technical lines and through its retail stores. The company likes to tout Macs as safer from malware than PCs, so acknowledging malware could be detrimental to burgeoning sales. Then again, frustrating users with inadequate support could do the same thing.
Another ZDNet reporter, Adrian Kingsley-Hughes, posted a discussion with an Apple support technician and found the experience to be very helpful. Perhaps the technician was not up to date with the current Apple guidelines or was purposely ignoring them or Bott’s initial reports are inaccurate.
A security researcher told me once, “Macs are fundamentally no safer than PCs. The difference is that Windows controls a huge section of the market and hackers, who are lazy by nature, go where the numbers are. Macs are just not worth it.”
The unofficial Apple blog TUAW has posted a guide to how to remove Mac Defender if you have downloaded it. Otherwise look for anti-virus applications (free or paid) such as from Sophos or Symantec to help rid your computer of the Trojan.
Update — May 25, 12:36 p.m.: Yesterday evening Apple posted a tutorial in the support section of its website; “How to avoid or remove Mac Defender malware.” It is a step-by-step definition of the malware and how to get rid of it.
It is a concession by Apple that it does, indeed, get malware. The steps for removing Mac Defender if it has been installed are relatively easy and the advice is straightforward.
Yet, it seems nothing can please Wisniewski. He posted on Naked Security that Apple used some of the malware terms — phishing and Trojan — incorrectly. At this point it is what it is. The Apple Support team can now direct callers to the help page to remove Mac Defender.