Firm Behind MacDefender Malware Likely Busted in Russian Raid

If you run an organization that operates a rogue pharmacy business and provides malicious support for fake anti-virus programs, it is likely you are going to get caught. Such is the case with ChronoPay, whose offices were raided by Russian authorities at the end of July after the co-founder was arrested for allegedly launching denial-of-service attacks against payment processing firms in an attempt to undercut his competitors. Investigators reportedly found “mountains of evidence” at ChronoPay showing the company running illegal anti-virus scams, including MacDefender, which plagued Mac users earlier this year with fake pop-ups that scared users into thinking they had viruses and even tricked them into supplying their credit card information when “registering” the fake virus-removal app. MacDefender was criticized by Ed Bott as the start of something big, although security and malware news has been quiet over the last month, and the MacDefender threat itself could be diminished after this recent raid.

MacRumors writes,

The last release of MacDefender occurred on June 18. ChronoPay’s offices are raided June 23. A coincidence perhaps, or Russian law enforcement saving Mac users from fake antivirus software.

Companies in the business of writing and supporting malware such as MacDefender can rake in a lot of money in a short period of time. It is an incredibly profitable business, feeding off the fear of individuals who fall victim to the scare tactics that malware and phishing scams employ. While the takedown of ChronoPay will have a significant negative impact on the revenues of cyber criminals in the black market, these raids are only short-term wins.

Given fake AV’s status as a reliable cash cow, the industry is likely to bounce back rapidly. Fake AV is extremely profitable, in large part because it is easily franchised.

Individual affiliates can quickly make a lot of money. Fake AV distribution networks pay affiliates between $25 and $35 each time a victim provides a credit card to pay for the junk software.

To spread malware, companies like ChronoPay can hire affiliates who deploy the malware and get paid based on how many systems are infected (that is, how many installs they generate). The end result is a business that is profitable for every party involved: fake anti-virus programs can offer “malware removal” at the same market prices as legitimate anti-malware products (the victim does not know the difference), the distributors of the malware are paid handsomely based on how successful that malware is, and you can begin to see how and why these types of businesses function in black markets. MacDefender was effective because it preyed on Windows-to-Mac converts who were unfamiliar with the legitimate solutions available, and who therefore fell for its tricks. MacDefender, while it garnered a lot of attention, has seemingly died down and is hopefully squashed for good with ChronoPay out of the picture.

MacDefender wasn’t some malware written by a couple of young adults in their basement, as we might expect; this was a rare case of serious malware backed by a company (with a lot of money and malicious intent) and its affiliates. Hopefully, if the evidence against ChronoPay turns out to be the real deal, it will lead to more arrests and a safer Internet. The battle is far from won when it comes to malware, but it’s always comforting knowing that there’s one less threat to deal with.

[Krebs on Security via MacRumors, (Image via ZDNet)]
