First working "ransomware" on OS X released via Transmission BitTorrent client

OS X now has an example of "ransomware". A security firm has discovered that an earlier version of the Transmission BitTorrent client installer was infected with what it is calling the "KeRanger" ransomware. It is the first time a fully working version of this kind of malware has been found in the wild for OS X.

According to Palo Alto Networks, KeRanger was first detected on March 4:

The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple's Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.
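The report above says the malware's payload is bulk encryption of document and data files. One cheap defensive signal for that stage, independent of any signature, is that encrypted output is close to uniformly random: a file that still carries a document name but whose contents have Shannon entropy near 8 bits per byte is worth alerting on. The scanner below is an added example written for this article; it is not code from Palo Alto Networks, Apple or the Transmission project, and the watched extensions, the 7.5 bits/byte threshold and the sample files it builds are constructed assumptions for the demonstration.

```python
"""
Entropy-based heuristic for spotting ransomware-encrypted documents.

Added example, not code from the Palo Alto Networks report or the
Transmission project. The extensions, threshold and sample tree are
assumptions chosen for illustration; tune them per environment.
"""
import math
import os
import secrets
import tempfile
from collections import Counter

# Plain-text document types that should normally be highly compressible.
# Compressed containers (.docx, .pdf, .jpg) are already high-entropy and
# need a different baseline, so they are deliberately left out (assumption).
WATCHED_EXTENSIONS = {".txt", ".csv", ".rtf", ".md", ".html", ".json"}

# Natural-language text sits around 4-5 bits/byte; ciphertext or random
# data sits above ~7.9. 7.5 leaves margin on both sides (assumption).
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def suspicious_files(root: str, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Return sorted paths under root whose name looks like a plain-text
    document but whose leading bytes have entropy above threshold."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext not in WATCHED_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(64 * 1024)  # first 64 KiB is enough to judge
            # Very small files give noisy entropy estimates; skip them.
            if len(head) >= 256 and shannon_entropy(head) > threshold:
                hits.append(path)
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed sample: two real text documents, one document whose
    contents were replaced by random bytes (standing in for ciphertext),
    and one unrelated binary that is not a watched type."""
    root = tempfile.mkdtemp(prefix="ransomware_demo_")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"Quarterly planning notes. Budget review on Monday.\n" * 40)
    with open(os.path.join(root, "minutes.md"), "wb") as fh:
        fh.write(b"# Minutes\n- action item: rotate backup media\n" * 40)
    with open(os.path.join(root, "thesis.rtf"), "wb") as fh:
        fh.write(secrets.token_bytes(4096))  # stands in for an encrypted doc
    with open(os.path.join(root, "archive.bin"), "wb") as fh:
        fh.write(secrets.token_bytes(4096))  # not a watched extension
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    for hit in suspicious_files(demo_root):
        print("possible encrypted document:", hit)
```

Run against a backup set or a home directory, the check flags `thesis.rtf` and nothing else in the sample tree. It is a heuristic, not a signature: pair it with a rate check (many such files appearing within minutes) before paging anyone, and keep an offline copy of backups so that, as the report warns for Time Machine, the backups themselves cannot be encrypted along with the originals.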

Palo Alto Networks informed Apple of its findings, and Apple has since revoked the Mac app development certificate used to sign KeRanger and updated its XProtect antivirus signatures. The Transmission Project has also removed the infected client from its website.

Source: Palo Alto Networks