Mac OS X Mac Defender Malware Detection

This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host appears to have been compromised.

Description :

Using the supplied credentials, Nessus has found evidence that a fake
antivirus software named Mac Defender (alternatively, MacDefender,
MacGuard, MacProtector or MacSecurity) is installed on the remote Mac
OS X host.

The software is typically installed by means of a phishing scam
targeting Mac users by redirecting them from legitimate websites to
fake ones that tell them their computer is infected with a virus and
then offers this software as a solution.

Once installed, the malware will perform a 'scan' that falsely
identifies applications such as 'Terminal' or even the shell command
'test' ('[') as infected and will redirect a user's browser to porn
sites in an attempt to trick people into purchasing the software in
order to 'clean up' their system.

See also :

Solution :

Follow the steps in Apple's advisory to remove the malware.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: MacOS X Local Security Checks

Nessus Plugin ID: 54832 ()

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial