Apple Shuts Down First Viable Malware For Mac

Posted : admin On 28.07.2019


Apple has shut down what appears to have been the first fully functional ransomware targeting Mac computers. This particular form of cyber threat involves malware that encrypts the data on your personal computer so you can no longer access it. Afterwards, the hackers request that you pay them in a hard-to-trace digital currency – in this case, bitcoin – in order for you to retrieve your files.

This ransomware, called “KeRanger,” was first reported by researchers at Palo Alto Networks. They also noted that Apple has now revoked the abused certificate that was used in the attack and updated its built-in anti-malware system XProtect with a new signature to protect customers.

Technically, KeRanger was not the first ransomware aimed at Mac users. The security firm said that another malware application known as FileCoder had been previously discovered. However, FileCoder was incomplete at the time it was found, which is why the firm believes that KeRanger is the first functional ransomware to appear on the OS X platform. The fact that it has now been targeted speaks to the popularity of Apple’s operating system – ransomware is a fairly common form of cyber threat these days as victims are often likely to cave in to attackers’ demands. This has even been the case in some high-profile attacks, as with the hospital attack last month. The hospital eventually paid $17,000 in bitcoins to get its systems back up and running. With KeRanger, the demands were more modest, though it’s unclear for now how many users actually fell victim to the attack and how successful it was at exploiting those victims.

For what it’s worth, Ryan Olson, Director of Threat Intelligence at Palo Alto Networks, tells us his company believes that their quick action combined with Apple’s fast response has “greatly limited the impact of this threat.” According to Palo Alto Networks, attackers infected two installers of Transmission, an open source BitTorrent client, with the malware, which would then encrypt files and demand a ransom of one bitcoin (around $400) to release the files back to the users’ control. The KeRanger application itself was signed with a valid Mac app development certificate, which is how it was able to skirt around Apple’s Gatekeeper protection mechanism. After being alerted to the threat on March 4, Apple acted quickly this weekend to revoke this certificate and update its antivirus signature, Palo Alto Networks said.


Apple has not posted detailed removal or support information regarding KeRanger at this time, but the company confirmed to TechCrunch that the certificate has been pulled so no one can install the affected application. The best way for consumers to protect themselves is to update Apple’s malware profiles, we understand. End users are also seeing protections for “KeRanger.A malware” being rolled out in the latest XProtect update. Other user-to-user with the malware should take, which require finding and deleting certain hidden files. Transmission, which was a victim of the attack in its own way, has also updated its website to advise users who downloaded the infected version 2.90 of the software to upgrade and run version 2.92 instead.

This version will remove the malware-infected file from the system. (Transmission was never hosted on the Mac App Store, but its app has an auto-update mechanism which will help those who don’t manually upgrade.) In addition, if a user now tries to run the infected version of Transmission, they’ll be shown a warning dialog that informs them to eject the disk image, and that the app will damage your computer and should be moved to the Trash. While Apple has addressed the immediate threats posed by KeRanger, there is still some concern given that the security firm believes this malware is still under development.

Its analysis suggests that attackers may be trying to develop backdoor functionality that would encrypt users’ Time Machine backups, as well. If that was the case, then victims wouldn’t be able to recover their files using Time Machine – they would be more at the mercy of the hackers’ demands.

7 March 2016

With the help of security researchers, Apple over the weekend quickly blocked a cyberattack aimed at infecting Mac users with file-encrypting malware known as ransomware. The incident is believed to be the first Apple-focused attack using ransomware, which typically targets computers running Windows. Victims of ransomware are asked to pay a fee, usually in bitcoin, to get access to the decryption key to recover their files. Security company Palo Alto Networks wrote on Sunday that it found the KeRanger ransomware wrapped into Transmission – a free Mac BitTorrent client. Transmission advised that people who downloaded the 2.90 version of the client “should immediately upgrade to 2.92”. It was unclear how the attackers managed to upload a tampered version of Transmission to the application’s website.

But compromising legitimate applications is a commonly used method. “It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred,” Palo Alto wrote. The tainted Transmission version was signed with a legitimate Apple developer’s certificate.


If a Mac user’s security settings are set to allow downloads from identified Apple developers, the person may not see a warning that the application could be dangerous. Apple revoked the certificate after being notified on Friday, Palo Alto wrote.

The company has also updated its XProtect antivirus engine. After it is installed on a system, KeRanger waits three days before connecting to a remote command-and-control server using the Tor system.

It is coded to encrypt more than 300 types of files. The ransom is 1 bitcoin, or about €370. There are few defenses against ransomware. Antivirus programs often do not catch it since the attackers frequently make modifications to fool security software. The best method is to ensure files are regularly backed up and that the backup system is isolated in a way to protect it from being infected as well. Disturbingly, KeRanger appears to also try to encrypt files on Apple’s Time Machine, its consumer backup drive, Palo Alto wrote. Ransomware schemes have been around for more than a decade, but over the last few years have spiked. At first the attacks struck consumer computers, with the aim of extracting a few hundred dollars.


But it appears attackers are targeting companies and organisations that may pay a much larger ransom to avoid disruption. Last month, a Los Angeles hospital paid a $17,000 ransom after saying it was the quickest, most effective way to restore its systems. The ransomware had affected its electronic medical records.

Although Apple’s share of the desktop computing market is much lower than that of Windows, cyberattackers have been showing increasing interest in it. But so far, ransomware hasn’t been a problem, although some researchers have created proof-of-concept file-encrypting malware for Macs. Last November, Brazilian security researcher Rafael Salema Marques showed how he coded ransomware for Mac in a couple of days. He didn’t release the source code.


Also, OS X security expert Pedro Vilaca posted for Mac ransomware he wrote, another experiment showing how simple it would be for attackers to target the platform. IDG News Service.