In its advisory over the issue, Apple said an administrative password prompt is a good time for a user to abort the installation of the fake anti-virus software. Now its attacks won’t ask for a password, following a method used by criminals on Windows PCs to avoid user account control (UAC) warnings. Now all you need to do is to follow a bad link via a affected search image result for an installation to start. Once installed, the malware prompts you for credit card details to purchase the software, which of course you should not do.
It is recommended that MAC users disable the ‘open safe file after downloading’ option on their MAC systems, at least until Apple releases the security update. With this the downloaded fake AV cannot install itself unless you permit it to start installation.