CyberCrimeSecuritySecurity Management

New Ransomware Campaign Targets The Apple Mac

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Mac attack. New ransomware campaign targets Apple Mac users seeking to pirate popular software

Apple’s days of being seen as a more secure alternative to the Windows PC could be drawing to a close with the discovery of new ransomware campaign written specifically for the Apple Mac.

The ransomware, according to security researchers ESET, is hidden within a piece of software called ‘Patcher’.

Patcher is an application found on torrent websites that allows the user to pirate popular software.

Apple-Ipad-WallpaperPoorly Coded

According to an ESET blog post, the malware is written in Swift, and is distributed via BitTorrent distribution sites.

The researchers said the Torrent contains a single ZIP file – an application bundle.

“We saw two different fake application “Patchers”: one for Adobe Premiere Pro and one for Microsoft Office for Mac,” wrote ESET researchers. “Mind you, our search was not exhaustive; there might be more out there.”

According to ESET, the application itself is ‘poorly coded’ and the window has a transparent background, which can be quite distracting or confusing.

The application also has the bundle identifier NULL.prova and is signed with a key that has not been signed by Apple,” the researchers found.

If the Apple Mac user does trigger the ransomware by pressing start, it is time to say goodbye to their files, as it launches the encryption process.

As usual, the ransomware demands that the victims send 0.25 bitcoins (approximately $250) to a certain address to unlock the files.

No Recovery

But the sting in the tail is the fact that this malware doesn’t have any code to communicate with any C&C server.

What this means that is there is no way that the encryption key, used to encrypt the victim’s data, is sent to the extortionists. There is no way for them to provide a way to unlock the unfortunate victim’s files.

“Paying the ransom in this case will not bring you back your files,” blogged ESET. “That’s one of the reasons we advise that victims never pay the ransom when hit by ransomware.”

“This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece,” they warned. “Unfortunately, it’s still effective enough to prevent the victims accessing their own files and could cause serious damage.”

“There is an increased risk when downloading pirated software that someone is using a dubious channel for acquiring software in order to make you execute malware,” they added. “ESET recommends that you have a security product installed but the most important precaution in case you encounter crypto-ransomware is to have a current, offline, backup of all your important data.”

Apple has for years enjoyed a good security reputation,  as cyber criminals have tended to target Windows PCs in the past. But as the popularity of Apple devices increased, so has the attention from the cyber criminals.

Last year Palo Alto Networks found that Apple users were being targeted by the KeRanger ransomware attack on Mac computers.

Read our guide here on avoiding ransomware and staying safe