Security researcher says Russia's ChronoPay is driving Mac scareware scams

According to security researcher Brian Krebs, ChronoPay - Russia's largest online payment processor - is something of a pioneer in the rogue anti-virus business.

"Since the beginning of May, security firms have been warning Apple users to be aware of new scareware threats like MacDefender and Mac Security", he says in his latest security blog.

"The attacks began on May 2, spreading through poisoned Google Image Search results. Initially, these attacks required users to provide their passwords to install the rogue programs, but recent variants do not, according to Mac security vendor Intego", he added.

Krebs goes on to say that, a few days after the first attacks surfaced, experienced Mac users on Apple support forums began reporting that new strains of the Mac malware were pushing users to the mac-defence.com and macbookprotection.com domains.

Both of these domains, he claims, have the "distinct fingerprint" of ChronoPay on them - "a Russian payment processor that I have written about time and again as the source of bogus security software."

The former Washington Post reporter says that ChronoPay owns the mail-eye.com domain and pays for the virtual servers in Germany that the service runs on.

Perhaps Apple, he adds, will have better luck than others who have tried convincing ChronoPay to quit the rogue anti-virus business, but he said he is not holding his breath on the issue.

As reported previously by Infosecurity, Krebs has noted ChronoPay's involvement with scareware and allied web operator payment processing, but this is the first time he has been able to trace a paper trail between the Mac scareware operators and ChronoPay itself.
