First Mac-Targeting Ransomware Appears in the Wild




/ 8 years ago


Despite the recent rise in the number of ransomware attacks, Apple’s Mac OS X has so far remained unaffected. Unfortunately for Mac users, security firm Palo Alto Networks announced on Sunday that it had discovered the world’s first ransomware aimed at OS X computers. Now named “KeRanger”, the malware was discovered in a rogue version of the popular Transmission BitTorrent client.

KeRanger was first noticed on Saturday on the Transmission forums, where some users posted unusual reports that copies of Transmission downloaded from the main site were infected with malware. This means that the Transmission site itself was compromised, as the KeRanger-infected versions of the client were served over an HTTP connection instead of the usual HTTPS used for the remainder of the website. Transmission later published a message stating: “Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.”

When a computer is infected with the KeRanger ransomware by installing a compromised version of Transmission, the installer runs an embedded executable file on the system. The malware then waits 3 days before connecting to its command and control (C2) servers over the Tor anonymizer network. From there, it begins encrypting certain types of files and documents on the system, then demands that the victim pay one bitcoin (around $400) to a specific address in order to restore access to the files. The current version of KeRanger was also reported to still be under development, with future iterations of the malware potentially able to encrypt Time Machine backups too, in order to prevent restoration.

It was only a matter of time before ransomware came to the Mac. However, it is worrying how vulnerable usually trustworthy open source projects are to unwittingly carrying malware. The infected version of Transmission has since been pulled from the project’s site. If you believe you have been infected, Palo Alto Networks’ report includes steps on how to identify and remove KeRanger.

