first_imgApple posted a support article earlier today which aimed to help users avoid the Mac Defender Trojan, or remove it if already present on a system. Beyond that, the posting stated that a system update was in the works which would automatically remove the Trojan and prompt users if they happened to download the malware at some point in the future. Some wondered how well this fix would work, since cybercriminals release iterations of their malware almost as fast as Google iterates Chrome.Intego has now discovered that Mac Defender has already evolved into a more intelligent attacker. A new variant, called MacGuard, has started making the rounds, and unlike its predecessors it does not require a password to be entered to install its malicious payload. On single-user Macs, the avRunner downloader can simply pop itself into the Applications folder and phone home for its payload.Bypassing the password prompt is a significant advance, since that prompt is a bit like the hinged, acrylic box covering the big red button. While an unwary user might happily launch and click through an installer, the password dialog is usually a bit more foreboding. Eliminating the opportunity to back out before the code has been entered makes it all the more likely that MacGuard will successfully manipulate users into completing the install.For now, the bottom line is to scrutinize any web pages you wind up on which appear to be impersonating Finder and screaming at you about being infected. If you see something like the image below, it’s guaranteed to be a hoax and you should close your browser tab or window immediately.More at Integolast_img read more