The recent MacDefender malware virus has been traced back to Russian online payment processor ChronoPay, according to a security researcher.
Brian Krebs, wrote the news on his KrebsonSecurity blog, claiming that he traced an email address used in the scams, to the company's financial controller Alexandra Volkova.
Mr Krebs added: "Some of the recent scams that used bogus security alerts in a bid to frighten Mac users into purchasing worthless security software appear to have been the brainchild of ChronoPay, Russia's largest online payment processor."
Fake MacDefender, MacProtector and MacSecurity phishing attacks are thought to spread through poisoned Google Image search results, and can be extremely difficult for Mac users to remove.
After the attack began on May 2nd Apple has released notes on how to avoid or remove the malware, which can be accessed on official help forums.
This week it has also revealed it will be updating its OS X operating system, improving security and destroying any scareware.