Mac users have been targeted by hackers with "ransomware" in what is believed to be the first attack campaign of its kind against users of Apple's operating system.
Ransomware is a type of malware – or malicious software – that has been on the rise recently and steals your files and data, encrypts it, and then asks you to pay money to get it back.
Security firm Palo Alto Networks, discovered the particular ransomware, known as "KeRanger" targeting Mac users on Friday and explained how it was infecting systems in a blog post on Sunday.
A piece of "BitTorrent" software known as "Transmission" was infected with KeRanger, so that when Mac users were downloading the latest version of the product, the ransomware was installed on their machine.
"Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred," Palo Alto said in the blog entry.
The Apple Store in Grand Central Station in New York City.
Mike Segar | Reuters
The Apple Store in Grand Central Station in New York City.
The ransomware was able to bypass Apple's security checks as it was "signed with a valid Mac app development system", tricking the OS X operating system into thinking it was a legitimate piece of software.
Once KeRanger was installed on a Mac, it waited three days before carrying out the attack. The malware begins encrypting certain types of document and data files on a system and once that process is finished, KeRanger demands the victim pay one bitcoin, equivalent to just over $400, according to the latest price by industry website CoinDesk.
Palo Alto said it reported the issue to Apple on March 4. Apple "has since revoked the abused certificate" and updated its antivirus software. Transmission has removed the malicious software from its site.
Both Apple and Transmission were not immediately available for comment when contacted by CNBC.
It's not the first time ransomware has targeted Apple OS X users. In 2014, cybersecurity firm Kaspersky Lab discovered "FileCoder". However, Palo Alto believes its discovery of KeRanger is the first complete ransomware attacking Mac users.
"As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully-functional ransomware seen on the OS X platform," Palo Alto wrote in a blog post.
The security researcher firm gave tips on how to protect against KeRanger on its blog.
Ransomware is a type of malware – or malicious software – that has been on the rise recently and steals your files and data, encrypts it, and then asks you to pay money to get it back.
Security firm Palo Alto Networks, discovered the particular ransomware, known as "KeRanger" targeting Mac users on Friday and explained how it was infecting systems in a blog post on Sunday.
A piece of "BitTorrent" software known as "Transmission" was infected with KeRanger, so that when Mac users were downloading the latest version of the product, the ransomware was installed on their machine.
"Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred," Palo Alto said in the blog entry.
The Apple Store in Grand Central Station in New York City.
Mike Segar | Reuters
The Apple Store in Grand Central Station in New York City.
The ransomware was able to bypass Apple's security checks as it was "signed with a valid Mac app development system", tricking the OS X operating system into thinking it was a legitimate piece of software.
Once KeRanger was installed on a Mac, it waited three days before carrying out the attack. The malware begins encrypting certain types of document and data files on a system and once that process is finished, KeRanger demands the victim pay one bitcoin, equivalent to just over $400, according to the latest price by industry website CoinDesk.
Palo Alto said it reported the issue to Apple on March 4. Apple "has since revoked the abused certificate" and updated its antivirus software. Transmission has removed the malicious software from its site.
Both Apple and Transmission were not immediately available for comment when contacted by CNBC.
It's not the first time ransomware has targeted Apple OS X users. In 2014, cybersecurity firm Kaspersky Lab discovered "FileCoder". However, Palo Alto believes its discovery of KeRanger is the first complete ransomware attacking Mac users.
"As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully-functional ransomware seen on the OS X platform," Palo Alto wrote in a blog post.
The security researcher firm gave tips on how to protect against KeRanger on its blog.
No comments:
Post a Comment