MacDefender is a malware scam that poses as a virus alert. However, it’s a fake virus alert, intended to prompt the user to download malware to their Mac. When it was first discovered, it was reported widely as it was the first time malware had posed a real threat to Mac users. And it took Apple several weeks to issue an update to remove it.
What is MacDefender?
First discovered in 2011, MacDefender was described as the first major malware threat to the Mac. However, MacDefender, also known as Mac Guard, didn’t do any damage itself. Instead, it posed as a virus scanner that appeared when a user clicked on an image in Google Image Search. The malware poisoned the search results with malware posing as an image. Once the virus scanner had ‘finished scanning’ it told the user that their computer was infected and that the only way to remove the virus was to pay between $59.95 and $79.95 for a tool called MacDefender. There was no such tool, the whole thing was a scam designed to extort money and to steal personal and financial data. Apple eventually, after several weeks, provided a patch to automatically find and remove MacDefender.
What damage does it do?
MacDefender’s main objective is to steal credit card data and persuade you to pay for a non-existent antivirus program. So it doesn’t do any damage to your Mac as such. However, you should still try to avoid it and remove it immediately if you spot it.
How to avoid MacDefender
The first step is, like with any malware, to be careful what you click on the web. This is more difficult with MacDefender because it places images in Google Image Search and so they look legitimate.
If you click on an image and see the notification or a window that looks like a fake virus scan, close your browser window immediately. If necessary, Force Quit it.
It’s possible that MacDefender may start downloading itself to your Mac without you doing anything, in that case open the Downloads window and cancel the download.
How to remove MacDefender malware: The manual way
If MacDefender installs itself before you get a chance to stop it, do the following.
- Launch Activity Monitor from Applications > Utilities.
- In the list of processes search for MacDefender, MacSecurity or MacProtector.
- If you find a process with any of those names, use the “x” in the toolbar to quit the process.
- Quite Activity Monitor.
- Search your Applications folder for applications with any of those names and if you find one, drag it to the Trash.
MacDefender also installs a Login Item. To delete that, click on the Apple menu and launch System Preferences.
- Choose Users & Groups.
- Select your user.
- Click on Login Items.
- Press the “-“ next to MacDefender.
How to remove MacDefender: The easy way
There is another way to get rid of MacDefender. CleanMyMac X has a malware utility that recognizes MacDefender and can remove every trace of it at the click of a button. It starts by scanning your Mac for malware and so will also report on and remove any other malware it finds on your Mac.
- Download CleanMyMac X.
- Launch the app.
- Choose Malware Removal tab.
- Click Scan.
- Click Remove.
What to do if you entered credit card details
Call your credit card company and tell them what’s happened. Give them all the details of where and when it happened. They will cancel your card so the hackers won’t be able to use the details they stole from you for further transactions.
You should also use the steps described above to remove MacDefender from your Mac.
It’s now several years since MacDefender was discovered and since Apple updated macOS to remove it. So there should be little risk of you encountering it. However, if you do come across it, or any other fake virus alert, the best thing to do is ignore it, and restart your browser if necessary. Don’t ever hand over your credit card details.
If you think you may have downloaded MacDefender there are a couple of ways to remove it, described above, including using the malware utility in CleanMyMac X.