At the beginning of May I mentioned a fake antivirus for Mac that was infecting a large number of users. Since then several variants have appeared, and the most recent one is able to install itself without asking for the administrator password:
Fake analysis on a page that simulates the Mac environment
The program spreads the same way fake antivirus for Windows does (mainly by poisoning images in Google). The worst part is that in Safari the download and execution of the program are carried out automatically; this happens because the default browser has an option enabled to open some files after they are downloaded:
Ideally that option should be disabled (it is found in Preferences / General). This at least adds one more interaction to the infection process, since the installation of the program would have to be started manually.
For more information in Spanish I recommend SeguridadApple:
– MacGuard: New mutation in rogue AV MacDefender
– Apple takes it over: How to remove Mac Defender
In the following video created by Sophos you can see the entire infection process, and in this note there are images of the latest detected variant: