The Mac’s old pride of being immune to the persistent online threat of viruses and malware lies shattered with the discovery of what is being considered the first-ever malware attack on the Apple platform.
The ransomware was found piggybacking on Transmission, a popular BitTorrent client for OS X, specifically version 2.90. The BitTorrent client can be downloaded and installed on a Mac to access shared torrent files.
The ransomware was first discovered by researchers at Palo Alto Networks, who subsequently named it KeRanger. However, as Palo Alto Threat Intelligence Director Ryan Olson puts it, KeRanger is potentially more dangerous than the ransomware targeted at Macs that Kaspersky Lab had discovered back in 2014.
What makes KeRanger so dangerous is that it actually manages to accomplish what it has set out to achieve. Typically, ransomware lives up to its name by seizing control of files or functionality and encrypting them, thereby making them inaccessible to the owner of the computer. The ransomware then asks the owner to pay a set amount to return the computer to its normal state.
For KeRanger, the price is rather steep: the ransom for handing control back to the user is 1 bitcoin, which translates to $400.
Another peculiarity of KeRanger is that it remains dormant on the target Mac for three days, after which it begins its work. That starts once it manages to establish contact with servers over the anonymous Tor network.
After the encryption process is complete, owners of the device are directed to pay the amount at the specified address to undo the encryption. In what could be even more devastating, KeRanger is also being developed to target Time Machine backup files, so as to prevent users from restoring their device from a backup.
Fortunately, both Apple and Transmission have been made aware of the threat posed by the rogue software, and remedial steps are already in place.
Apple stated it had revoked the digital certificate that the ransomware exploited to gain access to Macs. Researchers at Palo Alto Networks said the “KeRanger application was signed with a valid Mac app development certificate,” which enabled it to get past Apple’s Gatekeeper security layer.
Transmission, for its part, has stated that it has removed the infected version of the software from its site. It has also released an updated version that is free of the infection. Transmission has therefore advised users to download and install the updated version 2.92 with immediate effect to avoid being hit by the ransomware.
However, while the immediate threat might have been neutralized, the myth of the Mac’s so-called immunity to online threats vis-a-vis its Windows counterparts is no more.