![]() It doesn’t matter if you are running Windows or OS X on your computer, the way to reduce the threat of ransomware blackmailing you for the safe return of your data is the same: The fact is that ransomware has proven to be a successful way to extort money out of Windows users, and there is little doubt that online criminals will not be tempted to switch the threat to Mac users too - especially as there continue to be many Mac users who have fooled themselves into believing that they do not need to take basic security precautions, such as running Mac anti-virus software. ![]() ![]() Ransomware has admittedly rarely reared its ugly head on the OS X platform, but security researchers have been warning that there is no technical reason why extortionists might not target users of Apple’s operating system just as they have on Windows.įor instance, in 2014 researchers warned of Mac ransomware called “FileCoder,” which they described as “unfinished.” More recently, last November, researcher Rafael Salema Marques produced a functional proof of concept of ransomware that he called Mabouia.Īnd two months earlier OS X security researcher Pedro Vilaça published the code of his own Mac ransomware as a warning of what was possible.Ĭould this be the beginning of more ransomware attacks for Mac users? It would be a brave man who would bet against it. However, that’s not quite telling the whole story. Reuters is reporting that this is the first time Mac users have been threatened by ransomware - which is a commonly encountered threat on Windows computers. One natural theory is that the attackers may have been able to exploit a security vulnerability on the website to update the binary, having recompiled its open source code after incorporating the malware. Quite how the Transmission installer package managed to become infected is as yet a mystery. Intego’s malware research team has also updated its VirusBarrier anti-virus definitions to detect the ransomware, identified as OSX/KeRanger. We suggest terminating it with “Quit -> Force QuitĪpple has since revoked the abused certificate and updated XProtect anti-virus signature, and Transmission Project has removed the malicious installers from its website. If so, the process is KeRanger’s main process. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. Furthermore, the malicious downloads have now been removed from the Transmission website.Īs MacRumors reports, the software is alerting users with a bright red warning when the app informs them that an update is available:Įveryone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file. Palo Alto’s research team report that Apple has now revoked the digital certificates that the malware attack was abusing, and updated the rudimentary XProtect anti-virus protection built into the OS X operating system. This new version will make sure that the “” ransomware (more information available here) is correctly removed from you computer. ![]() Because KeRanger waits three days before awaking, encrypting your documents and data files, contacting its command-and-control servers, and demanding a one bitcoin (approximately $400) ransom be paid for your data’s safe return.Īccording to the researchers, the KeRanger malware also attempts to encrypt Time Machine backup files, no doubt in an attempt to make it harder for victims to recover their precious data without paying the extortionists.Īnd don’t imagine that OS X’s built-in Gatekeeper protection would have saved you, as it appears that the poisoned KeRanger app was signed with a valid Mac app development certificate.Ī message on the official Transmission website confirms the threat to users, and advises that they “immediately upgrade” to version 2.92:Įveryone running 2.90 on OS X should immediately upgrade to 2.92, as they may have downloaded a malware-infected file. The outcome is that if you were unfortunate enough to install Transmission 2.90 onto your Mac, your computer may now be the digital equivalent of ticking time bomb. It is believed that hackers managed to compromise the installer of Transmission version 2.90 on its download site on Friday, March 4, in order to spread ransomware that researchers at Palo Alto Research have dubbed “KeRanger.” Mac owners who use the open source Transmission BitTorrent client are being warned that a version of the installer was distributed via the app’s official website, infected with a new family of ransomware. Malware + Recommended + Security News Mac Users Hit by Rare Ransomware Attack, Spread via Transmission BitTorrent App
0 Comments
Leave a Reply. |