Mac fake anti-virus attack gets dirty to ensnare victims

The latest variants of the new Mac malware we have been tracking have an interesting payload that many people may not have realised yet.

It’s well documented that the fake anti-virus attacks attempt to trick you into believing that you have security problems on your Mac, and that you need to hand over your credit card details to buy a version which will clean up your computer.

Mac fake anti-virus alert

However, when we left an infected Mac running for a while unattended earlier today in our labs, we found that it would periodically open instances of the web browser and point them to various websites.

Saucy website

As you can see, the website isn’t necessarily the kind that you might want regularly popping up on your screen – especially if you don’t have an understanding wife or boss.

A quick look inside the code of the attacks, which Sophos is detecting as OSX/FakeAV-A, reveals a list of possible websites that you may find your computer visiting without your permission:

List of saucy website URLs hidden inside fake anti-virus

My guess is that the malware attackers are doing this as a further incentive for you to purchase the so-called “fix”. It’s just another clever piece of social engineering which might make you rush into handing over your credit cards, in the belief that your Mac has been compromised.

Don’t forget, the bad guys will use every dirty trick in the book to get their hands on your money.

Sophos customers should be protected, but if you have a Mac at home and want to defend yourself you can download our free anti-virus. It’s automatically updated to protect against the latest threats.



Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
