Over the weekend, researchers from security firm Palo Alto Networks and Apple discovered and blocked a cyberattack targeting Mac users with ransomware.
Security researchers at Palo Alto have detected new ransomware targeting Mac users through a compromised version of Transmission, a free BitTorrent client. The discovery is believed to be the first known instance of ransomware affecting the Apple ecosystem.
Once installed, the ransomware waits three days before connecting to a remote command-and-control server over the Tor network. In total, it is coded to encrypt more than 300 file types.
The ransomware, dubbed “KeRanger,” was bundled into a recent version of Transmission after attackers infiltrated the project’s website and uploaded a tampered build of the client. Distributing it this way spreads the ransomware through the software’s official channel: the download from the source website itself.
Transmission quickly put up a warning on its website to remind people who downloaded version 2.90 to “immediately upgrade to 2.92.”
“It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions,” Palo Alto wrote, before adding “we can’t confirm how this infection occurred.”
The compromised version (2.90) that was made available on the official website was reportedly signed with a legitimate Apple developer certificate. If a user’s Mac is set to allow downloads from identified Apple developers in its security settings, the user would likely not see any warning from Apple’s Gatekeeper about the possibility that the software was compromised.
For its part, Apple revoked the certificate on Friday after being notified by the security firm, and also updated its XProtect antivirus engine. According to Palo Alto, the ransomware was also found to encrypt files on Apple’s Time Machine, its consumer backup software.
The KeRanger incident shows that, after years of belief that the Apple platform is immune to viruses and malware, malware-related cybercrime targeting the Mac OS platform is increasing substantially. One OS X security expert even posted proof-of-concept code on GitHub for ransomware targeting Macs, as an experiment to show how easy it would be for attackers to target the platform.
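The point above is that Gatekeeper only checks that an app carries a valid Developer ID signature, not that it was signed by the developer you expect. The check below is an added example, not code from the article or from the Transmission project: it reads the `codesign -dvv` report and the bundle's Info.plist and flags a build that is either the tampered 2.90 release named in the article or signed by a team other than the expected one. The expected team ID is a placeholder assumption, and the sample report and plist are constructed for the demo.

```python
import plistlib
import subprocess
from pathlib import Path

# Assumed team ID of the legitimate Transmission signer (placeholder, not from the article).
EXPECTED_TEAM_ID = "EXPECTED_TEAM_ID_PLACEHOLDER"
# Release the article reports as tampered; 2.92 is the upgrade it recommends.
COMPROMISED_VERSIONS = {"2.90"}

def parse_codesign_output(text: str) -> dict:
    """Map the key=value lines of a `codesign -dvv` report; the first Authority line is the leaf (signer) cert."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key not in info:  # keep the first value seen for repeated keys such as Authority
            info[key] = value
    return info

def bundle_version(plist_bytes: bytes) -> str:
    return plistlib.loads(plist_bytes).get("CFBundleShortVersionString", "")

def assess(codesign_text: str, plist_bytes: bytes, expected_team: str = EXPECTED_TEAM_ID) -> list:
    """Return human-readable findings; an empty list means both checks passed."""
    findings = []
    sig = parse_codesign_output(codesign_text)
    version = bundle_version(plist_bytes)
    if version in COMPROMISED_VERSIONS:
        findings.append(f"version {version} is the tampered release; upgrade to 2.92")
    if sig.get("TeamIdentifier") != expected_team:
        findings.append(f"signed by team {sig.get('TeamIdentifier')} ({sig.get('Authority')}), expected {expected_team}")
    return findings

def assess_installed(app: Path = Path("/Applications/Transmission.app")) -> list:
    """Run both checks against the real bundle (macOS only); codesign prints its report on stderr."""
    out = subprocess.run(["codesign", "-dvv", str(app)], capture_output=True, text=True)
    return assess(out.stderr, (app / "Contents/Info.plist").read_bytes())

# Constructed sample mimicking a tampered 2.90 build signed with someone else's Developer ID.
SAMPLE_CODESIGN = """Identifier=org.m0k.transmission
Authority=Developer ID Application: Some Other Company (OTHERTEAM01)
Authority=Developer ID Certification Authority
TeamIdentifier=OTHERTEAM01
"""
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>CFBundleShortVersionString</key><string>2.90</string>
</dict></plist>"""

if __name__ == "__main__":
    for finding in assess(SAMPLE_CODESIGN, SAMPLE_PLIST):
        print("FINDING:", finding)
```

A valid Developer ID signature is exactly what the sample carries, so Gatekeeper alone would pass it; comparing the team identifier against the expected one is what catches the swap.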