New Mac ransomware discovered for the first time in four years

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
32,361
20
pchelpforum.net
Researchers have discovered a new Mac ransomware circulating on a Russian torrenting forum, disguised as a Little Snitch installer.

Popular among torrenters, Little Snitch is a legitimate Mac application that allows users to monitor and filter network traffic - but in this case is being used as a front for a ransomware attack.

The fake installer is described as “attractively and professionally packaged”, and attempts to disguise its malware payload behind a genuine Little Snitch installation. It also uses filenames that would not look out of place on activity logs at first inspection.


According to security firm Malwarebytes, the Mac malware is the first of its kind to be discovered in four years - and is only the fourth to be identified in the history of the operating system.

Mac malware


Although the fake installer is said to be convincing, the malware itself exhibits a number of eccentricities that inhibit its effectiveness.

For example, upon installation, the Mac malware failed to begin encrypting files, despite researchers allowing it to run for a significant amount of time. The malware only began to encrypt data after the system clock was meddled with and the computer restarted multiple times.

The malware is also not particularly stealthy, encrypting settings-related files that generate error messages and alter the appearance of the desktop when tampered with, alerting the user to the infection.

While some victims found the malware created a file containing instructions for paying the ransom, as well as generating a pop-up alert, researchers were unable to replicate these findings.

Although this particular Mac malware is somewhat clumsy in its execution, users will still want to avoid infection - especially as a decryption procedure is yet to be established.

“The best way of avoiding the consequences of ransomware is to maintain a good set of backups,” advised Thomas Reed, Director of Mac and Mobile and Malwarebytes.

“Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times (ransomware may try to encrypt or damage backups on connected drives).”


Continue reading...