New ransomware targeting OS X was spotted in the wild

Victor, 07 March, 2016

Yes, we all know that convenient, long-standing myth about OS X being immune to viruses, and while Apple has done a great deal to secure the platform, it was bound to happen sooner or later: a ransomware application was caught infecting OS X machines.

Palo Alto Networks claims that the software, going by the name of "KeRanger", is the first known case of a malicious encrypter running on OS X, other than a reportedly unfinished bit of code known as "FileCoder", spotted back in 2014.

If you don't know what ransomware actually is, it is basically a file encrypter that infects your system and, in the case of KeRanger, lies dormant for three days, after which it encrypts your files and asks you to pay a sizable amount of money (in bitcoin form) to an unknown organization to get them decrypted. The malicious code is already in the open and is being distributed as a part of the popular torrent client app Transmission.

Just to clarify, it is not the work of the app developers; Transmission has rather been employed as a host. Apparently, hackers got their hands on version 2.90 of the app package, so if you are currently running that one, you might be infected. If the aforementioned three days haven't passed yet, you might still have a chance to delete KeRanger before it locks you out of your files.

Specialists from Palo Alto Networks have released an in-depth analysis of the software and how it works, which you can check out at the source link. In general, they suggest that users be on the lookout for a suspicious kernel_service process in Activity Monitor. You can also check for the existence of a "General.rtf" file inside the Resources folder of Transmission.
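The two checks above can be scripted. This is an added example, not code from Palo Alto Networks or the Transmission team; it assumes Transmission is a standard .app bundle (so its Resources folder is Contents/Resources inside the bundle), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: looks for the two KeRanger indicators the article names.
# Assumption: Transmission is a standard macOS .app bundle, so its Resources
# folder is <bundle>/Contents/Resources. Function names are illustrative.

# Succeeds if the bundle contains the General.rtf file mentioned in the article.
has_general_rtf() {
    [ -f "$1/Contents/Resources/General.rtf" ]
}

# Reads "PID COMMAND" lines (as printed by `ps -axo pid=,comm=`) on stdin and
# prints the PID of every process whose executable name is exactly
# kernel_service. The command may be a full path and may contain spaces.
find_kernel_service() {
    awk '{
        pid = $1
        sub(/^[ \t]*[0-9]+[ \t]+/, "")   # drop the PID column, keep the path
        n = split($0, parts, "/")
        if (parts[n] == "kernel_service") print pid
    }'
}

# Runs both checks against a bundle path; prints findings and returns 1 if
# any indicator is present, 0 if none.
check_keranger() {
    bundle=$1
    found=0
    if has_general_rtf "$bundle"; then
        echo "FOUND: $bundle/Contents/Resources/General.rtf"
        found=1
    fi
    pids=$(ps -axo pid=,comm= 2>/dev/null | find_kernel_service)
    if [ -n "$pids" ]; then
        echo "FOUND: kernel_service running, PID(s): $(echo $pids)"
        found=1
    fi
    if [ "$found" -eq 0 ]; then
        echo "No KeRanger indicators found for $bundle"
    fi
    return "$found"
}

# Scan only when a bundle path is given, for example:
#   sh check_keranger.sh /Applications/Transmission.app
if [ $# -gt 0 ]; then
    check_keranger "$1"
fi
```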

But even if you don't intend or want to get your hands dirty, both Apple and the Transmission team have taken swift measures. The former has revoked the certificate used by the affected app package, so it can no longer be installed. As for Transmission, it has issued an emergency version 2.92 update that claims to actively remove the ransomware files, if present.

Source | Via



Reader comments

  • Anonymous
  • 08 Jan 2017
  • 8HW

Yes, one for a few days in the history of Apple vs thousands daily on the other platform

  • AnonD-362866
  • 08 Mar 2016
  • NmP

Again, wasting your breath, but hey, whatever rocks your co... Nvm

  • AnonD-512237
  • 08 Mar 2016
  • fmg

The one thing I love ❤ about Apple 🍎 is how they quickly take actions when they have vulnerabilities... Things just get fixed on the go and I think that is how things must be handled.
