Apple publishes Mac Defender removal details, promises fix
Apple has published a knowledgebase document (HT4650) on its support web site that details how users can avoid or remove the latest Mac Defender malware. It had previously been reported that Apple had advised its technical support representatives not to help customers with Mac malware.
In the support article, Apple describes the fake anti-virus application, which also goes under the name "Mac Security" or "Mac Protector", as a phishing scam that has specifically targeted Mac users. The document goes on to note that its "ultimate goal is to get the user's credit card information which may be used for fraudulent purposes".
Apple says that it will release an update for Mac OS X that will automatically find and remove Mac Defender and its known variants. The company notes that, once installed, the update will "help protect users by providing an explicit warning if they download this malware". Users will be able to install the update via Mac OS X's built-in Software Update function "in the coming days".
Until the update is made available, users of the Safari web browser are advised to disable automatic file opening in Safari (Preferences -> General and uncheck "Open 'safe' files after downloading"). More importantly though, users should, when prompted for their user name and password, be asking themselves "what is requesting this information" and remembering that they are giving it privileges to modify their system.