The original program asked for a users’ administrative password before it downloaded. Now, security software company Intego reports that a new program variant called MacGuard bypasses that step and puts itself onto your computer before deleting the original installer.
Apple said Tuesday that it will issue a security fix to deal with MacDefender and its known variants.
Intego said any Web page that looks like a Finder window that claims to be scanning your Mac is fake and users who see these pages should quit their browser right away and clear any downloads.
The company advised that users should turn off the “Open ‘safe’ files” option in their Safari browsers general preferences to keep the file from opening automatically if it is accidentally downloaded.