Published by Yolanda Ruíz, May 2011

Mac systems have always had a reputation for being virus-free, among Mac users at least… And despite all our efforts to raise awareness of threats and advise them to install some good security software, I think it will still take some years for the message to sink in, just as in 2000, when we started warning Windows users to protect themselves. Apple’s market share is growing very rapidly and it presents cyber-criminals with a large number of potential victims.

But… let us insist: dear Mac users, please, protect yourselves. There are a lot of Mac threats out there, and rogue security software is just the latest example.

Fake antivirus programs, also known as rogueware, are malicious applications which, once installed on the target computer, start showing warning messages trying to convince victims that their computer is infected. But not only this, the software also offers the perfect solution to this problem. If the user clicks on any of the links displayed, they will be taken to a very well crafted, phony online store where they can buy an antivirus program for €40-€60.

However, if they take the bait, the following is most likely to happen:

  1. They will enter their credit card details and pay for a product they will never get.
  2. Their credit card number will be compromised and probably sold on the black market. and then… Well, expect to see some strange movements in your bank account.
  3. Finally, after all the hassle, the warning messages won’t even go away.

According to PandaLabs, this type of scam is putting more than $400 million a year in the hands of cyber-criminals. Yes, you read that correctly…

Up to now, this scam had always targeted Windows users, but now it is also affecting Mac users. The strategy is more or less the same: attackers use BlackHat SEO techniques to lure Mac users into visiting Web pages advertising an online antivirus for Mac called Mac Defender. If the user accesses the page, the antivirus simulates a computer scan and reports multiple infections. Then, it downloads a zipped Javascript file which will open automatically depending on the browser settings:

We must admit that the application is very well designed and it is really easy to fall into the trap. Once the malicious code installs on the computer, it opens pornographic Web pages to trick users into believing they are infected, and shows fake virus alerts like this:

Finally, it takes the user to an online store in an effort to fool them into paying to remove the fake viruses “detected” by the software, with the aforementioned consequences.


So, let us insist one more time: Mac threats are real. This is a new scenario in which Mac users are particularly vulnerable because they have a false sense of security and think that only Windows computers get infected.

Our recommendation is to install a good security program. If you are a Mac user and have been affected by any of these threats, we would like to invite you to try our Panda Antivirus for Mac free (available from ).

You know, as the old saying goes… “Better safe than sorry”. 😉


Yolanda Ruiz Hervas introduces herself  “I have worked in Panda Security Group as  Communication Manager since joining the company in 2001. Also, I confess I am passionate about technology, my work, motorbikes and cars and good company (and not in order). ‘Carpe Diem!’ is my motto. You can contact me on or