Mac malware spreads to Russian firm

A Russian firm may be behind the MacDefender malware that’s scaring Apple Macintosh OS X users into buying a fake antivirus program, a security researcher said.

Brian Krebs said that leaked documents trace the rogue antivirus to ChronoPay, which he described as a “pioneer” in the rogue antivirus business.

“Last year, ChronoPay suffered a security breach in which tens of thousands of internal documents and emails were leaked. Those documents show that ChronoPay owns the domain and pays for the virtual servers in Germany that run it. The records also indicate that the address belongs to ChronoPay’s financial controller Alexandra Volkova,” he said in a blog post.

The email address had been used to register the domains and, where victims were directed to pay for the rogue software, he added.

Krebs also cited a screenshot shared with his site, which showed someone recently used that account to register two more Mac security-related domains that have not yet shown up in rogue anti-virus attacks against Mac users.

He said these include and

ChronoPay is also Russia’s largest online payment processor, Krebs noted.

Since early May, the fake MacDefender antivirus has spread through poisoned Google Image Search results, scaring users into thinking their machines are infected and getting them to pay for the malware.

While the attacks initially required users to provide their passwords to install the rogue programs, a new version no longer needs the passwords.

Krebs noted that a few days after the first attacks in early May, experienced Mac users on Apple support forums began reporting that new strains of the Mac malware were directing users to pay for the software via a domain called

Others spotted fake Mac security software coming from

He said the WHOIS information for both domains includes the contact address of

Krebs added that the leaked documents have also given ChronoPay’s enemies access to certain online records that the company maintains, such as domain registration accounts tied to the firm.

“Both and were suspended by the registrar — a company in the Czech Republic called,” he said.

“Perhaps Apple will have better luck than others who have tried convincing ChronoPay to quit the rogue anti-virus business, but I’m not holding my breath. As I noted in a story earlier this year, ChronoPay has been an unabashed ‘leader’ in the scareware industry for quite some time,” he added.

