Hackers attack Mac computers with ransomeware
07 Mar 2016
Hackers targeted Apple customers over the weekend as they launched their first campaign against Macintosh computers. A software called ransomware was used in the attack, researchers with Palo Alto Networks Inc told Reuters yesterday.
Ransomware, which is among the fastest-growing types of cyber threats, encrypts data on infected machines, then typically demands ransom in hard-to-trace digital currencies to get an electronic key so as to allow users to retrieve their data.
According to security experts, ransoms totaled hundreds of millions of dollars a year from such cyber criminals, who typically targeted users of Microsoft Corp's Windows operating system.
According to Palo Alto Threat Intelligence director Ryan Olson, the "KeRanger" malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.
"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Olson said in a telephone interview.
Macs were infected through a tainted copy of a popular program known as Transmission, used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said on a blog posted last afternoon.
According to the blog, when users downloaded version 2.90 of Transmission, released on Friday, their Macs were infected with the ransomware.
With the help of security researchers, Apple over the weekend, quickly blocked a cyberattack aimed at infecting Mac users with file-encrypting malware known as ransomware.
The incident is believed to be the first Apple-focused attack using ransomware, which typically targeted computers running Windows.
Victims of ransomware are asked to pay a fee, usually in bitcoin, to get access to the decryption key to recover their files.
Security company Palo Alto Networks wrote on Sunday that it found the "KeRanger" ransomware wrapped into Transmission, which is a free Mac BitTorrent client.
Meanwhile, Transmission warned on its website that people who had downloaded the 2.90 version of the client "should immediately upgrade to 2.92."
It was not clear how the attackers managed to upload a tampered version of Transmission to the application's website, however compromising legitimate applications was a commonly used method according to commentators.
"It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred," Palo Alto Networks wrote on its blog.
The tainted Transmission version came with a legitimate Apple developer's certificate. If the security settings of a Mac user were set to allow downloads from identified Apple developers, the user might see a warning from Apple's GateKeeper that the application could be dangerous.
