First working ‘ransomware’ on OS X released via Transmission BitTorrent client

OS X now has an example of “ransomware”. A security firm has discovered that an earlier version of the Transmission BitTorrent client installer was infected with what they are calling the “KeRanger” ransomware. It’s the first time a fully working version of this kind of malware has been found out in the open for OS X.

According to Palo Alto Networks, KeRanger was first detected on March 4:

The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files…

Additionally, KeRanger seems to still be under active development, and it seems the malware may also be attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.

Palo Alto Networks has informed Apple of its findings, and Apple has since pulled the Mac app certificate for KeRanger and updated its XProtect antivirus signature. The Transmission Project website has also removed the infected client.

Source: Palo Alto Networks
