
First Mac-Targeting Ransomware Appears in the Wild

Despite the rising number of ransomware attacks recently, Apple’s Mac OS X had so far remained unaffected. Unfortunately for Mac users, security firm Palo Alto Networks announced on Sunday that it had discovered the world’s first ransomware aimed at OS X computers. Now named “KeRanger”, the malware was discovered in a rogue version of the popular Transmission BitTorrent client.

KeRanger was first noticed on Saturday on the Transmission forums, where some users reported that copies of Transmission downloaded from the main site were infected with malware. This means that the Transmission site itself was compromised, as the KeRanger-infected versions of the client were served over an HTTP connection instead of the usual HTTPS used for the remainder of the website. Transmission later published a message stating: “Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.”

When a computer is infected with the KeRanger ransomware by installing a compromised version of Transmission, the installer runs an embedded executable file on the system. The malware then waits 3 days before connecting to its command and control (C2) servers over the Tor anonymizer network. From there, it begins encrypting certain types of files and documents on the system, then demands that the victim pay one bitcoin (around $400) to a specific address in order to restore access to the files. The current version of KeRanger was also reported to still be under development, with future iterations of the malware potentially able to encrypt Time Machine backups too, in order to prevent restoration.

It was only a matter of time before ransomware came to the Mac. However, it is worrying how vulnerable usually trustworthy open source projects are to unwillingly carrying malware. The infected version of Transmission has since been pulled from the project's site. If you believe you have been infected, Palo Alto Networks’ report includes steps on how to identify and remove KeRanger.

Alexander Neil
