Now on Mac fake antivirus are installed without asking for the admin password

At the beginning of May I made reference to a fake antivirus for Mac that was infecting a large number of users, since then several variants have appeared and the most recent one has the ability to install itself without asking for the administrator password:

Fake analysis on a page that simulates the Mac environment

The program spreads in the same way that fake Windows antivirus does (mainly poisoning images in Google), the worst case is that in Safari The download and execution of the program are carried out automatically, this happens because the default browser has an option activated to open some files after they are downloaded:

The ideal will be have that option disabled (found in Preferences / General), at least in this way one more interaction is added to the infection process since the installation of the program would have to be started manually.

By more information In Spanish I recommend SeguridadApple:

– MacGuard: New mutation in rogue AV MacDefender – Apple takes it over: How to remove Mac Defender

In the following video created by Sophos you can see the entire infection process and in this note images of the last detected variant:

Disclaimer: the video shows the operation of one of the first detected variants, in the last one everything is the same except that it has another name and does not ask for the password during the installation.