{"id":2879,"date":"2011-06-01T16:49:28","date_gmt":"2011-06-01T23:49:28","guid":{"rendered":"http:\/\/blog.intego.com\/?p=2879"},"modified":"2016-02-12T10:05:37","modified_gmt":"2016-02-12T18:05:37","slug":"new-macdefender-variant-evades-apples-malware-detection-system","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/","title":{"rendered":"New MacDefender Variant Evades Apple&#8217;s Malware Detection System"},"content":{"rendered":"<p>Just a few hours after Apple <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-issues-macdefender-security-update\/\">released a security update to block the MacDefender fake antivirus<\/a>, a new variant has been found, which tests Apple&#8217;s ability to rapidly respond to new threats. The latest version comes in an installer package named mdinstall.pkg, and installs an application named MacGuard, which is the latest name that has been used for this malware. (The first name used was MacDefender, followed by MacProtect, MacSecurity and MacGuard.)<\/p>\n<p><a href=\"https:\/\/www.intego.com\/virusbarrier\/\">Intego VirusBarrier X6<\/a>, with its current malware definitions, already detects this variant,  because of the multiple techniques it uses to detect malware, but the new variant manages to evade Apple&#8217;s signature-based malware detection system. We expect Apple to release an update to these malware signatures soon, as the new system is set, by default, to check for updates every 24 hours.  <\/p>\n<div class=\"blog-download\">\n<p class=\"button\"><a href=\"https:\/\/www.intego.com\/demo?blog2\">Download 30-day free trial<\/a><\/p>\n<h4><a href=\"https:\/\/www.intego.com\/demo?blog2\">Protect your Mac from malware<\/a><\/h4>\n<p><a href=\"https:\/\/www.intego.com\/demo?blog2\">Download a free 30-day trial version of VirusBarrier X6 and save $5<\/a><\/p>\n<div class=\"clear\"><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple&#8217;s ability to rapidly respond to new threats<\/p>\n","protected":false},"author":3,"featured_media":2784,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[3151,54,2689,86],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple&#039;s ability to rapidly respond to new threats\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New MacDefender Variant Evades Apple&#039;s Malware Detection System - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple&#039;s ability to rapidly respond to new threats\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-06-01T23:49:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-02-12T18:05:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png\" \/>\n\t<meta property=\"og:image:width\" content=\"128\" \/>\n\t<meta property=\"og:image:height\" content=\"128\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png\",\"width\":\"128\",\"height\":\"128\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/\",\"name\":\"New MacDefender Variant Evades Apple's Malware Detection System - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#primaryimage\"},\"datePublished\":\"2011-06-01T23:49:28+00:00\",\"dateModified\":\"2016-02-12T18:05:37+00:00\",\"description\":\"Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple's ability to rapidly respond to new threats\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New MacDefender Variant Evades Apple&#8217;s Malware Detection System\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"New MacDefender Variant Evades Apple&#8217;s Malware Detection System\",\"datePublished\":\"2011-06-01T23:49:28+00:00\",\"dateModified\":\"2016-02-12T18:05:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#webpage\"},\"wordCount\":161,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png\",\"keywords\":[\"Apple\",\"Fake Antivirus\",\"MacDefender\",\"Malware\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple's ability to rapidly respond to new threats","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/","og_locale":"en_US","og_type":"article","og_title":"New MacDefender Variant Evades Apple's Malware Detection System - The Mac Security Blog","og_description":"Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple's ability to rapidly respond to new threats","og_url":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/","og_site_name":"The Mac Security Blog","article_published_time":"2011-06-01T23:49:28+00:00","article_modified_time":"2016-02-12T18:05:37+00:00","og_image":[{"width":"128","height":"128","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png","width":"128","height":"128"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/","name":"New MacDefender Variant Evades Apple's Malware Detection System - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#primaryimage"},"datePublished":"2011-06-01T23:49:28+00:00","dateModified":"2016-02-12T18:05:37+00:00","description":"Just a few hours after Apple released a security update to block the MacDefender fake antivirus, a new variant has been found, which tests Apple's ability to rapidly respond to new threats","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"New MacDefender Variant Evades Apple&#8217;s Malware Detection System"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"New MacDefender Variant Evades Apple&#8217;s Malware Detection System","datePublished":"2011-06-01T23:49:28+00:00","dateModified":"2016-02-12T18:05:37+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#webpage"},"wordCount":161,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png","keywords":["Apple","Fake Antivirus","MacDefender","Malware"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/new-macdefender-variant-evades-apples-malware-detection-system\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/05\/malware-icon.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-Kr","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/2879"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=2879"}],"version-history":[{"count":2,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/2879\/revisions"}],"predecessor-version":[{"id":50083,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/2879\/revisions\/50083"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/2784"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=2879"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=2879"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=2879"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}