News

First Mac-Targetting Ransomware Appears in the Wild

Despite the rising amount of ransomware attacks recently, Apple’s Mac OSX has so far remained unaffected by it. Unfortunately, for Mac-users, security firm Palo Alto Networks announced on Sunday that it had discovered the world’s first ransomware that is aimed at OSX computers. Now named “KeRanger”, the malware was discovered through a rogue version of the popular Transmission BitTorrent client.

KeRanger was first noticed on Saturday on the Transmission forums, where some users posted unusual reports that copies of Transmission downloaded from the main site were infected with malware. This means that the Transmission site itself was compromised, as the KeRanger infected versions of the client were served over an HTTP connection instead of the usual HTTPS used for the remainder of the website. Transmission later published a message stating that: “Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.”

When a computer is infected with the KeRanger ransomware, through installing a compromised version of Transmission, the installer runs an embedded executable file on the system. It then waits 3 days before connecting to its command and control (C2) servers over the Tor anonymizer network. From there, it begins the process of encrypting certain types of files and documents on the system before issuing a demand of one bitcoin (around $400) to a specific address in order to restore access to their files. The current version of KeRanger was also reported to still be under development, with future iterations of the malware potentially able to encrypt Time Machine backups too, in order to prevent restoration.

It was only a matter of time before ransomware came to the Mac, however, it is worrying how vulnerable usually trustworthy open source projects are to unwillingly carrying malware. While the infected version of Transmission has since been pulled from their site, if you believe you have been infected, Palo Alto Networks’ report includes steps on how to identify and remove KeRanger.

Alexander Neil

Disqus Comments Loading...

Recent Posts

Helldivers II Adds Killzone 2 Collaboration

Despite Helldivers II's popularity, fans have long felt the game lacked collaborations. Nearly a year…

2 hours ago

Call of Duty: Black Ops 6 Anti-Cheat System Didn’t Perform Well, TeamRICOCHET Admits

The anti-cheat system in Call of Duty: Black Ops 6 and Warzone has not met…

2 hours ago

NVIDIA’s New App Causes Game Slowdowns: Here’s How to Fix

The NVIDIA app, which recently replaced GeForce Experience, has gained popularity for its revamped interface…

2 hours ago

AMD May Launch Ryzen 5 9600 Non-X Variant in Late January 2025

AMD is gearing up to expand its CPU lineup in early 2025, with recent leaks…

2 hours ago

AMD Ryzen AI 7 350 from Upcoming Kraken Point Series Spotted on PassMark

Following the leak of AMD's flagship laptop CPU, another processor from the AMD Kraken Point…

2 hours ago

DeepCool Launches ASSASSIN IV VC VISION CPU Cooler

DeepCool has just announced the ASSASSIN IV VC VISION CPU cooler, the latest in its…

6 hours ago