9 years ago

Palo Alto Networks discovered a ransomware known as “KeRanger” targeting Mac users

Mac users have been targeted by hackers with “ransomware” in what is believed to be the first attack campaign of its kind against users of Apple’s operating system.

Research by Unit 42 found that the Transmission BitTorrent client installer for OS X was infected with ransomware just a few hours after the installers were initially posted. Since the attack, Apple has revoked the abused certificate and updated its XProtect antivirus signature, and the Transmission Project has removed the malicious installers from its website. Palo Alto Networks has also updated URL filtering and Threat Prevention to stop KeRanger from impacting systems.

Palo Alto Networks discovered the ransomware, known as “KeRanger,” which targets Mac users, and explained how it was infecting systems. The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection.

The only previous ransomware for OS X was FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, KeRanger is the first fully functional ransomware seen on the OS X platform. Additionally, KeRanger appears to still be under active development, and the malware also seems to be attempting to encrypt Time Machine backup files to prevent victims from recovering their backup data.