Russian Online Processor Could be behind MacDefender Malware

June 6, 2011

Malware that has recently targeted Mac users, scamming them into purchasing worthless security software, appears to be connected with Russian online payments processor ChronoPay. According to Krebs on Security, ChronoPay “specializes in processing the transactions of so-called ‘high-risk’ industries, including online pharmacies, tobacco sales, porn and software sales. A business is generally classified as high-risk when there is a great potential for credit card chargebacks and a fair chance that it will shut down or vanish without warning,” writes Brian Krebs. Krebs scanned the WHOIS information of the domains that victims of the so-called MacDefender malware were being sent to, and found contact e-mails matching those of other ChronoPay-linked domains. “Perhaps Apple will have better luck than others who have tried convincing ChronoPay to quit the rogue anti-virus business,” Krebs said, “but I’m not holding my breath.”