NEWS FROM THE LAB - Tuesday, January 15, 2008

First Rogue Cleaning Tool for Mac

Posted by Patrik @ 04:56 GMT

We've just found the first Mac rogue application and it's called MacSweeper.

It claims to clean your Mac of compromising files, and it will always find something to fix/clean, but the only way to do so is to buy the program.

Buy MacSweeper

Once installed, it will also randomly show a big popup window stating that your privacy is compromised and again prompt you to buy the program.

Popup by MacSweeper

Even more telling that it's a scam is the fact that when you visit the MacSweeper website with a PC and click on "Scan", it will tell you that you have security vulnerabilities in folders that only exist on a Mac, like system_root/home. Fake? Oh yeah…

Mac vulnerabilities on a PC

Looking further at their website, we found that they have copied the text describing the company directly from Symantec and just changed the name.

About MacSweeper

About Symantec

Rogue/fake applications (scareware) such as this have been around for years on Windows (WinFixer, SpySheriff, et cetera). They're designed to trick people into thinking that they have security problems and that the only way to solve them is to buy the software. Up until now this has been a Windows-only problem, but that's not the case anymore.

So what does the first Mac rogue application really mean? It means that with the Mac's growing popularity and growing user base come certain problems that can't be ignored. Mac users will increasingly come under attack from bad guys, and this new rogue application and the constant stream of new variants of DNSChanger are proof of that. It doesn't mean that the Mac is becoming less secure in and of itself. But it does mean that Mac users will have to watch out for social engineering tricks, just as Windows users have had to do for years.

MacSweeper's sibling in the Windows world is called Cleanator.

Editor's Note — P.S. from Patrik:

Today I spoke with a journalist about MacSweeper and he said something that stuck in my mind.

"I visited the macsweeper.com website. I know I probably shouldn't have - but I used a Windows PC so I knew I wouldn't get infected."

Now that's something you don't hear every day!