
Mac users now have to deal with their first ever known ransomware

By Liu Hongzuo - on 7 Mar 2016, 12:08pm


The unfortunate website that was unintentionally hosting the ransomware downloads.

Mac users may like the Apple platform over Windows OS because of the reduced attention it gets from hackers, but that doesn’t mean that your Mac is entirely safe from malicious programming. Over the weekend, these users had to contend with KeRanger, the first publicly known, fully functional ransomware that targets Mac platforms.

KeRanger is a malicious ransomware program that infects Mac systems by riding in on installation files for Transmission, a torrent manager. According to Palo Alto Networks (the security firm that detected the ransomware), it’s likely that Transmission’s official website was compromised and had its download files replaced with malicious copies containing KeRanger.

Text shown by the ransomware demanding payment, so that the user can regain control of their files.

The ransomware bypasses Apple’s Gatekeeper protection because the malicious code comes signed with a valid Mac app development certificate. Installing a faked copy of Transmission will automatically run the embedded executable files. KeRanger waits three days before connecting with its command servers over the anonymous Tor network. After that, the malware encrypts files on the infected system and demands that the unfortunate user pay one Bitcoin (approximately US$400) to a specific address to get the files back.

Apple has since revoked the abused certificate and updated its XProtect antivirus signatures. The Transmission Project has removed the malicious installers from its website. For the technical aspects of the ransomware, see Palo Alto Networks’ blog entry.

Source: Palo Alto Networks via Engadget
