Apple has officially acknowledged the presence of the MacDefender malware, and has posted step-by-step instructions on how to remove it from infected computers.
"A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus," Apple wrote yesterday (May 24) in an official support document.
The three-part bulletin shows Mac users how to avoid installing MacDefender — also known as MacProtector and MacSecurity — and exactly how to remove it, by finding and deleting the Trojan from the activity monitor.
The announcement came yesterday (May 24) at the tail end of a month-long controversy surrounding Apple's public response — or lack thereof — to the growing number of customer complaints about the invasive Mac-specific malware.
The probe into Apple's official stance was spearheaded by ZDNet reporter Ed Bott, who obtained a confidential internal memo from Apple that, initially, instructed its AppleCare support representatives to avoid discussing the malware with customers.
[Apple to Tech Support Staff: Don't Discuss Mac Malware]
A week later, Bott got his hands on another internal memo in which Apple acknowledged the MacDefender problem, and which again told reps to avoid helping customers remove it.
[Apple to Support Staff: Don't Help Malware Victims]
Apple will also roll out a Mac OS X software update in the next few days "that will automatically find and remove MacDefender malware and its known variants," and will help protect users with an "explicit warning" if they accidentally download MacDefender.
UPDATE: Just hours after Apple's announcement, the criminals behind MacDefender released a new, more deceptive and dangerous variant of the malware, Computerworld reported.
Called MacGuard, the new malware prompts users with the same warning, scaring them into downloading the phony software. Unlike MacDefender, however, MacGuard doesn't require users to enter a password, and installs itself with just a few clicks of the mouse.
Experts at the security firm Sophos have written a blog posting detailing exactly how to change your account settings in Safari to avoid becoming a victim of this new MacDefender variant.
