Not a day after Apple finally acknowledged the Mac Defender trojan, the original malware author has changed up the attack, making it even harder to prevent infection. The main impediment before was that users had to enter their administrator password, but the new variant no longer requires that. It's a brave new world for Mac users, folks.
Since most Macs are run under a single user account, most instances of the operating system are running as administrator. That means this new version of the malware, called MacGuard, will simply pop up a dialog box. The user does not have to enter their password. Instead they only have to click Continue. Once installation is complete, the installer removes itself from the machine's Application folder, leaving no trace.
This installed application then reaches out and installs the main malware app that is similar to the original Mac Defender. There is no prompt to the user when this happens. The new malware app is a clear response to Apple's instructions in the support document. Users that thought they could avoid infection just by keeping their password to themselves are apparently in for a rude awakening. That other OS maker can tell you one thing, the malware arms race won't just stop.