Mac OS X Mac Defender Malware Detection

This script is Copyright (C) 2011-2017 Tenable Network Security, Inc.

Synopsis :

The remote Mac OS X host appears to have been compromised.

Description :

Using the supplied credentials, Nessus has found evidence that a fake
antivirus software named Mac Defender (alternatively, MacDefender,
MacGuard, MacProtector or MacSecurity) is installed on the remote Mac
OS X host.

The software is typically installed by means of a phishing scam
targeting Mac users by redirecting them from legitimate websites to
fake ones that tell them their computer is infected with a virus and
then offers this software as a solution.

Once installed, the malware will perform a 'scan' that falsely
identifies applications such as 'Terminal' or even the shell command
'test' ('[') as infected and will redirect a user's browser to porn
sites in an attempt to trick people into purchasing the software in
order to 'clean up' their system.

See also :

Solution :

Follow the steps in Apple's advisory to remove the malware.

Risk factor :

Critical / CVSS Base Score : 10.0

Family: MacOS X Local Security Checks

Nessus Plugin ID: 54832 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now