Categories: SecurityVirus

Apple Users Stung By First Ever Mac Ransomware

Apple users were targeted by malicious hackers over the weekend in the first known case of a ransomware attack on Apple Mac computers, Palo Alto Networks has confirmed.

The ransomware campaign, dubbed “KeRanger” by the security firm that found it, was hidden in a BitTorrent installer for software called Transmission, which allows Mac users to download videos, music and software via a peer-to-peer network.

Ransomware campaigns silently infiltrate a user’s computer, then encrypt that machine’s data, asking the user to pay a ransom in digital currency to release their data.

Palo Alto Network said the ransomware is programmed to activate three days after infection, meaning users who unwittingly contracted the virus on Friday, the day Palo Alto Networks found the virus, will be hit on Monday March 7.

OS X

“On March 4, we detected that the Transmission BitTorrent ailient installer for OS X was infected with ransomware, just a few hours after installers were initially posted,” wrote Palo Alto researchers Claud Xiao and Jin Chen in a company blog.

“Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site.

“Transmission is an open source project. It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred,” they wrote.

The transmission software affected is designed for users of OS X, Apple Mac’s latest operating system.

Palo Alto Networks says that Apple revoked the abused certificate and updated its antivirus signature after it was alerted to the attack. Palo Alto Networks has also updated its software to stop KeRanger from affecting users.

Transmission itself is running an urgent message on its website advising users to upgrade to the latest version that will remove the ransomware from an infected machine.

“Read immediately!!!!,” the warning says. “Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware is correctly removed from your computer.”

Read our guide here on avoiding ransomware and staying safe

Ben Sullivan

Ben covers web and technology giants such as Google, Amazon, and Microsoft and their impact on the cloud computing industry, whilst also writing about data centre players and their increasing importance in Europe. He also covers future technologies such as drones, aerospace, science, and the effect of technology on the environment.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

10 mins ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

1 hour ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

2 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

4 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

6 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

7 hours ago