Mac Protector malware app infecting Macs


Video above of a computer visiting the malware site which downloads the malware file.

One of the screens for Mac Protector. An icon for it will also appear in your menu bar at the top of your computer window.

By Baron Sekiya | Hawaii 24/7

A new malware app is making the rounds amongst Mac users. It goes by the names Mac Protector, Mac Defender and Mac Security, and people are accidentally downloading it and running it.

It’s not a ‘virus’ but more like a trojan horse.

The app pretends to be an anti-virus application (hey someone gave us a gift from the Gods), but spews out phony virus warnings saying your Mac is infected and makes your web browser display pop-up windows with porn and other stuff (awwh, it’s not a gift, it’s a bunch of soldiers running out of a wooden horse to hurt us).

The app then asks you to pay $70 so they can fix your computer from all these nasty bugs it found. It’s like extortion money by the mafia, you pay us protection money and your business won’t burn down to the ground by all the rampant arsonists out there.

Don’t pay the money to the dirtbag software company!

Here’s a link to official Apple instructions on how to get rid of the malware:
http://support.apple.com/kb/HT4650

Here’s an article on BoingBoing about it with three suggestions for REAL anti-virus/malware protection:

Beware MAC Defender: OSX malware disguised as anti-virus software

I have a friend whose computer was infected; she got the malware from visiting MSNBC. Even BoingBoing seems to think it was somehow pushed out by some deviously configured ad or Twitter link on MSNBC. She had a flood of gay porn pop-up windows when she used both Safari and Chrome browsers on her Mac.

The Google Chrome browser has started pushing out messages to some users, warning them if it has detected possible malware on the page they want to visit, so heed the warnings.

And as always, surf the internet responsibly. If you don’t know what a file on your computer is, throw it in the trash instead of running it. It could be a big wooden horse from the Gods.

UPDATED (5/24/11)

This malware may also have an email spam-bot payload involved. The computer that was infected by the malware suddenly spam emailed everyone in the MacBook’s Address Book.

The subject line of the spoofed email was something like, ‘hey Baron’ or ‘hi Baron’ and contained a line of text with a long URL link.

Examples of the body text without the offending URLs are:

  • hello Baron, the differences in my life now due to this are insane URL
  • Baron hey it was a miracle to have found this URL
  • Baron hey, you should seize your chance to live in luxury URL

This is a nasty piece of malware. It’s difficult to tell if the malware might have either:

  • Sent the Mac’s Address Book contacts somewhere.
  • Had a built-in emailer that harvested the email addresses and sent the spam email directly from the MacBook laptop.

The second seems unlikely, as the Mac Protector app process was turned off via Activity Monitor, unless something was missed.

If anyone else has encountered this spam-bot situation, leave something in the comments below. I’d like to hear from you.

UPDATED (5/25/11)

The website The Mac Security Blog is reporting a variant of the malware called MacGuard, which is able to install without the use of the administrator password after the user is tricked into running the malware application.
