New Ransomware Targeting OS X Was Spotted In The Wild

10:18 Sat, 31 Jul 2021

Yes, we all know that convenient, long-standing myth about OS X being immune to viruses, and while Apple has done a great deal to secure the platform, it was bound to happen sooner or later: a ransomware application was caught infecting OS X machines.

Palo Alto Networks claims that the software, going by the name of "KeyRanger", is the first known case of a malicious encrypter running on OS X, other than a reportedly unfinished bit of code known as "FileCoder", spotted back in 2014.

If you don't know what ransomware actually is, it is basically a file encrypter that infects your system. In the case of KeyRanger, it lies dormant for three days, after which it encrypts your files and asks you to pay a sizable amount of money (in bitcoin form) to an unknown organization to get them decrypted. The malicious code is already in the open and is being distributed as a part of the popular Torrent client app Transmission.

Just to clarify, it is not the work of the app developers; rather, Transmission has been used as a host. Apparently, hackers got their hands on version 2.90 of the app package, so if you are currently running that one, you might be infected. If the aforementioned three days haven't passed yet, you might still have a chance to delete KeyRanger before it locks you out of your files.

Specialists from Palo Alto Networks have released an in-depth analysis of the software and how it works, which you can check out at the source link. In general, they recommend that users be on the lookout for a suspicious kernel_service process in Activity Monitor. You can also check for the existence of a "General.rtf" file inside the Resources folder of Transmission.
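The two checks described above, written as an added shell example (it is not from the article or from Palo Alto Networks). It assumes the standard macOS app bundle layout and a default install path of /Applications/Transmission.app; the function names are hypothetical.

```shell
#!/bin/sh
# Added triage example; checks only the two indicators the article names.
# Assumption: Transmission is a standard macOS app bundle, so its Resources
# folder is <bundle>/Contents/Resources; the default install path is assumed.

INDICATOR_FILE="General.rtf"      # file name given in the article
INDICATOR_PROC="kernel_service"   # process name given in the article

# Exit 0 if the indicator file exists in the bundle's Resources folder.
bundle_has_indicator() {
    [ -e "$1/Contents/Resources/$INDICATOR_FILE" ]
}

# Read one executable path or name per line on stdin; print the lines whose
# final path component is exactly the indicator name (no substring matches).
filter_indicator_procs() {
    while IFS= read -r fip_line; do
        if [ "${fip_line##*/}" = "$INDICATOR_PROC" ]; then
            printf '%s\n' "$fip_line"
        fi
    done
    return 0
}

# Print a finding per indicator, then a final "indicators=N" summary line.
triage() {
    t_bundle="${1:-/Applications/Transmission.app}"
    t_hits=0
    if bundle_has_indicator "$t_bundle"; then
        echo "FOUND file: $t_bundle/Contents/Resources/$INDICATOR_FILE"
        t_hits=$((t_hits + 1))
    fi
    # 'ps -A -o comm=' lists every process's command with no header line.
    t_procs="$(ps -A -o comm= 2>/dev/null | filter_indicator_procs)"
    if [ -n "$t_procs" ]; then
        echo "FOUND process: $t_procs"
        t_hits=$((t_hits + 1))
    fi
    echo "indicators=$t_hits"
}

triage "$@"
```

Pass a different bundle path as the first argument if Transmission is installed elsewhere. A result of `indicators=0` only means these two indicators are absent.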

But even if you don't intend or want to get your hands dirty, both Apple and the Transmission team have taken swift measures. The former has revoked the certificate used by the affected app package, so it can no longer be installed. As for Transmission, it has issued an emergency version 2.92 update that claims to actively remove the ransomware files, if present.
