updated 10:05 am EDT, Thu May 19, 2011
First major malware attack on Macs?
Apple is informing its technical support workers not to remove or even confirm or deny the presence of MACDefender/Mac Security malware on customers' computers, a leaked memo reveals. "Apple does not provide support or assistance in removal or diagnosis of malware," part of the the document reads. AppleCare representatives are in fact instructed to rule out any issues with Apple products, should a person acknowledge that they installed MACDefender/Mac Security or a variant.
The only help an AppleCare representative will provide if the malware is installed is making sure Mac OS X and security are up-to-date, and directing people to antivirus software on the Mac App Store or the Apple online store. If a person has yet to actually install the malware, AppleCare workers are allowed to tell people to quit the installer and delete the downloaded file. Apple's policies differ from those of Microsoft, which offers free support for malware, and Dell and HP, which will scrub a system but only for a fee.
The MACDefender/Mac Security threat appears to have become one of the most serious to ever hit the Mac. Even though the code requires victims to give permission for installation, a number of Mac users have fallen prey. Whereas just a normal handful of complaint posts were present on Apple's support forums at the end of April, as recently as Wednesday there were 42 separate threads.
One AppleCare representative has claimed that call volumes are four or five times their normal rate, and that the "overwhelming majority" are MACDefender-related. "Many frustrated Mac users think their Mac is impervious to viruses and think this [the malware] is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls."
The person adds that even though the malware is easy to remove, Apple is officially holding back on a solution as it might convey the idea that Apple is willing to remove all malware in the future. Most AppleCare workers are nevertheless said to be helping customers with the current threat out of compassion. A small number of Mac users have reportedly fallen victim to the malware's identity theft scheme, in which it will ask people to unlock the software with a credit card, denying each one but asking people to try another. "One person ended up trying five different cards," the AppleCare representative says, citing a second-hand story from a peer. "I'm going to assume criminals now have a hold of the info."