
First OS X Ransomware Discovered



An infected download reportedly contains the first ransomware found on the Mac platform. According to a notice that appeared on the Transmission BitTorrent client website, the latest version of the software downloaded from their website may be infected with malware. It said, “Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file. Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.”
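The Activity Monitor check quoted above can also be scripted. The following is an added example, not code from the Transmission notice or from this article; it assumes the user directory left blank in the quoted path can be any single account name, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the "kernel_service" check quoted above.
# Assumption: the blank user directory in the quoted path is matched as one
# path component. All sample data below is constructed, not from an infection.

# Reads `ps -axo pid=,comm=` output on stdin and prints the PIDs whose
# executable base name is exactly "kernel_service".
suspect_pids() {
    awk '{ pid = $1; $1 = ""; sub(/^ +/, ""); n = split($0, p, "/");
           if (p[n] == "kernel_service") print pid }'
}

# Reads `lsof -p PID -Fn` output on stdin (open files appear as "n<path>")
# and succeeds if one of them looks like /Users/<name>/Library/kernel_service.
has_keranger_path() {
    grep -Eq '^n/Users/[^/]+/Library/kernel_service$'
}

# $1 = pid, lsof output on stdin. A name match alone is not enough; the
# notice asks for the open-file path as the confirming step.
classify() {
    if has_keranger_path; then echo "$1 MATCH"; else echo "$1 name-only"; fi
}

# Live scan on a Mac; only runs when the script is called with --live.
scan_live() {
    ps -axo pid=,comm= | suspect_pids | while read -r pid; do
        lsof -p "$pid" -Fn 2>/dev/null | classify "$pid"
    done
}

SAMPLE_PS='  101 /sbin/launchd
  412 /Users/alice/Library/kernel_service
  377 /usr/libexec/kernel_service_helper
  640 /opt/tools/kernel_service'
SAMPLE_LSOF_412='p412
ftxt
n/Users/alice/Library/kernel_service'
SAMPLE_LSOF_640='p640
ftxt
n/opt/tools/kernel_service'

if [ "${1:-}" = "--live" ]; then
    scan_live
else
    printf '%s\n' "$SAMPLE_PS" | suspect_pids
    printf '%s\n' "$SAMPLE_LSOF_412" | classify 412
    printf '%s\n' "$SAMPLE_LSOF_640" | classify 640
fi
```

The script only reports; terminating a confirmed process is left to the “Quit -> Force Quit” step in the notice.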

The malware is being called KeRanger and is described as the “first fully functional” ransomware on the OS X platform. Once it has attached itself to an app, the malware connects to a remote server via the Tor anonymizing service, then “begins encrypting certain types of document and data files on the system.” The ransomware then “demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files.” Researchers who have been studying the code say that it is “under active development” and that it also seems to try to encrypt the user’s backup data to prevent them from restoring their devices.

Reuters has reported that this is the first incident of ransomware to affect the Mac platform. Ransomware hijacks the data on your device, making it inaccessible, and demands payment to the attackers to decrypt it. This kind of cyber attack has been gaining popularity on PCs, but it had not yet been seen on the Mac. Apple has reportedly taken note of the issue and has revoked “a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs.” Apple has also issued an XProtect update: if a user attempts to open an infected version of the app, a dialog box will pop up and read “ will damage your computer. You should move it to the Trash,” or “Transmission can’t be opened. You should eject the disk image.”
