New Mac Defender Variant Bypasses Apple’s Security Update

Last night, we reported that Apple issued a Security Update for Snow Leopard users that updates the OS X malware definitions, enhances File Quarantine’s functionality and, more importantly, automatically finds and removes known variants of the Mac Defender malware that has been spreading among Mac users in the past month. By enabling OS X to update definitions daily in the background with a new daemon, Apple is taking the necessary measures to make sure that new versions of Mac Defender and, more broadly, future malware targeting Macs can be removed safely and quickly within a few hours or days of being discovered. As reported by Ed Bott at ZDNet, however, a new variant of Mac Defender with a new installer package has already been released, and it is capable of circumventing Apple’s new security update and working exactly as Mac Defender and Mac Guard did until yesterday.

The bad guys have wasted no time. Hours after Apple released this update and the initial set of definitions, a new variation of Mac Defender is in the wild. This one has a new name, Mdinstall.pkg, and it has been specifically formulated to skate past Apple’s malware-blocking code.

The file has a date and time stamp from last night at 9:24PM Pacific time. That’s less than 8 hours after Apple’s security update was released. On a test system using Safari with default settings, it behaved exactly as before, beginning the installation process with no password required.

Bott suggests this “cat and mouse” game is just the beginning, and Apple will have to begin addressing new variants that are discovered every day. The system put in place by Apple to provide updated definitions for easy removal of malware should allow users to prevent computer infections by automatically finding suspicious packages downloaded from the Internet. [via MacRumors]
