Apple computers are often touted to offer a virus-free computing experience, as opposed to Windows, but as the platform increases in popularity it is also becoming a more serious target for attackers. One recent case involved a piece of 'scareware' dubbed Mac Defender, and became notorious for Apple's initial reluctance to help affected customers, despite receiving thousands of tech support calls related to the infections.
The scam in question targets Mac users via SEO poisoning attacks linked to a phony online antivirus scanner, which dupes users into thinking their machine is infected and automatically starts downloading an antivirus 'solution.' The design and content of Mac Defender makes it seem like a genuine antivirus program. However, once installed it will report that it has found other viruses and offer to clean the computer after a credit card payment is done.
Interestingly enough, Apple had apparently instructed its AppleCare and retail staff not to even acknowledge Mac Defender's existence, or help remove it from users' infected computers. ZDNet's Ed Bott posted a document with instructions that Apple's support personnel supposedly received regarding this issue, which was corroborated by two anonymous Apple support representatives who were surprised with how the company was dealing with the issue.
It's unclear how widespread the issue really is or why the company was downright preventing support personnel from helping customers – beyond suggesting users that they research antivirus alternatives on their own.
Now, however, the company has apparently had a change of heart and posted a support article on its website explaining "How to avoid or remove Mac Defender malware" – which basically boils down to directions on quitting the offending app and deleting it from the Utilities folder it is installed into by default. Apple also promised to issue a software update soon that will automatically hunt out and remove Mac Defender and its variants.