KeRanger, The First Ever Ransomware For OS X Platform Discovered By Security Experts

Cyber security experts from Palo Alto Networks have unearthed the first ever ransomware developed for OS X, the operating system that runs on Apple’s Mac devices. While it’s not uncommon for ransomware to affect smartphones and Windows PCs, this is the first instance of ransomware written to affect Macs. The ransomware is called “KeRanger” and it piggybacked on the Transmission BitTorrent client. Transmission is a legitimate application for OS X that downloads torrents, but unfortunately it’s also open source, which means anyone could have added the KeRanger code to the DMG files (Apple Disk Image files, the equivalent of installation files on PCs).

Ransomware

The problem began on March 4th when the attackers managed to infect two installers of Transmission (version 2.90) with KeRanger. The now malicious app avoided Apple’s Gatekeeper protection because it was signed with a legitimate Mac app development certificate. The attackers cleverly hid the malicious code in a Mach-O format executable that looked like an RTF file, and it registered a service without the user’s knowledge. Once unpacked, the file was instructed to sit idle for three days. When the waiting period was over, the service contacted its command and control servers over the Tor network, which makes identifying the attackers’ location almost impossible.
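As an added defensive example (not code from the article or from Palo Alto Networks), the script below shows how the disguise described above can be caught on disk: it compares a file's .rtf extension against its first bytes and flags anything whose header is actually Mach-O. The file names and the sample directory tree are constructed for the demonstration.

```python
"""Flag files whose name says RTF but whose header says Mach-O executable."""
import os
import struct
import tempfile

# Mach-O magic values as the first four bytes appear on disk.
THIN_MAGICS = {
    bytes.fromhex("feedface"),  # MH_MAGIC, 32-bit
    bytes.fromhex("cefaedfe"),  # MH_CIGAM, 32-bit byte-swapped
    bytes.fromhex("feedfacf"),  # MH_MAGIC_64
    bytes.fromhex("cffaedfe"),  # MH_CIGAM_64
}
FAT_MAGIC = bytes.fromhex("cafebabe")  # universal (fat) binary header, big-endian
RTF_MAGIC = b"{\\rtf"                  # every RTF document starts with this group

def classify(header: bytes) -> str:
    """Return 'rtf', 'mach-o' or 'unknown' from the first bytes of a file."""
    if header.startswith(RTF_MAGIC):
        return "rtf"
    magic = header[:4]
    if magic in THIN_MAGICS:
        return "mach-o"
    if magic == FAT_MAGIC:
        # Java class files share 0xCAFEBABE; a fat header carries a small
        # architecture count here, a class file carries its version (>= 45).
        if len(header) >= 8 and struct.unpack(">I", header[4:8])[0] < 30:
            return "mach-o"
    return "unknown"

def find_masquerading(root: str) -> list:
    """Walk root and return every *.rtf path whose content is a Mach-O binary."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".rtf"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                header = fh.read(8)
            if classify(header) == "mach-o":
                hits.append(path)
    return sorted(hits)

def demo() -> list:
    """Constructed sample tree: a genuine RTF next to a Mach-O header named .rtf."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.rtf"), "wb") as fh:
        fh.write(b"{\\rtf1\\ansi Hello}")
    with open(os.path.join(root, "README.rtf"), "wb") as fh:  # constructed name
        fh.write(bytes.fromhex("cffaedfe") + b"\x07\x00\x00\x01" + b"\x00" * 24)
    return [os.path.basename(p) for p in find_masquerading(root)]

if __name__ == "__main__":
    print(demo())  # ['README.rtf']
```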

Once it establishes contact, KeRanger begins to slowly encrypt certain types of document and data files on the system. Once encryption is complete, KeRanger demands that the victims pay one bitcoin, estimated to be worth around 400 USD, to a specific address to unlock their files. One interesting thing the folks from Palo Alto Networks picked up was that the malicious app was still under development: there were efforts to encrypt Time Machine backup files as well, to prevent victims from recovering their data from backups.

Once they uncovered KeRanger, the team from Palo Alto Networks reported it to Apple and the Transmission project. Apple was quick to revoke the security certificate used to legitimise the malicious app, and also updated the XProtect antivirus signatures to help users identify it. The Transmission team did their part by removing the infected installers from its website. So the trouble appears to be over, but who knows, the attackers might find another way to sneak in.

Source: #-Link-Snipped-# via Mac ransomware caught before large number of computers infected | Reuters

Replies

  • ankee
    Sir, I am an EXTC final year student. My area of interest is networking. I want to do my final year project on bases, please help me.
    Some real time application.
    Can I do a project on Raspberry Pi?
    Please reply.... It's my humble request.

