facebook rss twitter

Apple Mac users targeted by Ransomware for first time

by Mark Tyson on 7 March 2016, 12:31

Tags: Apple (NASDAQ:AAPL), MacBook, iMac

Quick Link: HEXUS.net/qacy6h

Add to My Vault: x

Apple Mac computers were targeted for the first time by ransomware this weekend, reports Reuters. Researchers at Palo Alto Networks Inc observed the first thrust of this particularly nasty brand of malware in the wild.

Ransomware seeks to infect systems, encrypt user files, then get the user to pay up for a decryption key to get their files, or even access to their system, back. It is estimated that cyber criminals extract ransoms of "hundreds of millions of dollars a year", from their victims which had until now been typically been Windows users. Looking around it seems that ransomware attacks are a very clear and present threat to Android users too.

'KeRanger' ransomware was delivered to Mac users via an infected version of the Transmission open source BitTorrent peer-to-peer file sharing client. Palo Alto Threat Intelligence Director Ryan Olson said the infected software propagation began on Friday when Transmission 2.9 was released. Worryingly, the malware authors managed to get their code in the official release of this program, downloadable from the official site. In a telephone interview with Reuters, Olson said "This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom".

It is interesting to note that "The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple's Gatekeeper protection". Apple has been notified of the treat and has since revoked the abused certificate and updated the XProtect antivirus signature.

Act now if you are a Transmission user

The program has since been updated and a new version released with a patch that automatically removes the ransomware from infected Macs. If you have any suspicion that you downloaded or updated Transmission on Friday or Saturday it is advised that you install the update, version 2.92, as soon as possible. You probably still have time to do so as "KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker's server and start encrypting files so they cannot be accessed".

To decrypt your files KeRanger asks for 1 bitcoin (approx US$400) to be transferred.

HEXUS Forums :: 14 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by shaithis - Mon 07 Mar 2016 12:56
………but you don't get viruses on Macs!!!
Posted by b0redom - Mon 07 Mar 2016 13:30
….this is malware not a virus……
Posted by Jenstmar - Mon 07 Mar 2016 13:45
This is the second IT magazine where I've read about this. I'm pretty sure the one in 2014 also hit OSX, though it sure hit iOS hardest.
Posted by peterb - Mon 07 Mar 2016 14:47
shaithis
………but you don't get viruses on Macs!!!

As boredom said.

But I don't know why you should think that. MaCos is based on UNIX, and the first viruses written were for UNIX systems. Macs have been relatively free from virus attacks because they weren't perceived as mainstream, but clearly that is changing.

Apples "walled garden' has provided some protection, but the application was compromised at source, but full marks to Apple and the developers for identifying and mitigating agains it.

However, of greater interest is the implication from the HEXUS article that the encryption is done online, rather than by the malware itself, which appears to act as a conduit, so that should be traceable.
Posted by LeetyMcLeet - Mon 07 Mar 2016 15:10
It was only a matter of time.

We've seen an increase in malware-infected Macs over the last couple of years. Funny thing is, most of the customers bought macs because of the security advantage lol (or even funnier, because they're ‘faster’ – my personal favourite) :P

SEE NEWER »