Posted on 03/06/2016 7:55:57 PM PST by Swordmaker
By Jim Finkle
BOSTON (Reuters) - Apple Inc customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc told Reuters on Sunday.
Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.
Security experts estimate that ransoms total hundreds of millions of dollars a year from such cyber criminals, who typically target users of Microsoft Corp's Windows operating system.
Palo Alto Threat Intelligence Director Ryan Olson said the "KeRanger" malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.
"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Olson said in a telephone interview.
An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs. The representative said he could not immediately provide other details.
The malware is programmed to encrypt files on an infected personal computer three days after the original infection, according to Olson.
That means that if Apple's steps prove ineffective in neutralizing malware that has already infected Macs, the earliest victims will have their files encrypted on Monday, three days after the malicious program first appeared on the Transmission website, he said.
(Excerpt) Read more at ca.news.yahoo.com ...
MacDailyNews Note: Transmission's website (https://www.transmissionbt.com) states:
Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the OSX.KeRanger.A ransomware (more information available here) is correctly removed from your computer.
Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.
Swordmaker
Social engineering requires social idiots of which there are plenty.
The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.
If you want on or off the Mac Ping List, Freepmail me
This one really doesn't require too much social engineering. The crooks somehow got their Trojan loaded into an update for the Transmission app for Torrent downloading and those who use that app for downloading stolen movies and pirated apps, who downloaded the 2.90 update, got the Trojan included with their update. There is some irony in the fact that those who are willing to download pirated apps and steal movies and other copyrighted material are the ones who are going to be hit by this malware.
Sounds like this one is “legitimate” malware, insofar as it’s a normal-ish app running with Apple credentials that still manages to seriously abuse users.
Of course the system isn’t perfectly secure, and can be maliciously manipulated.
What’s important: it got caught fast, the signing authority (required for installation) was quickly revoked, and subsequent versions (auto-update?) undo/ward-off most of the damage which still won’t hit for 2+ days.
Of note: Apple is increasing pressure to “sandbox” apps so they can’t do such damaging things _at_all_. There’s no reason why a Torrent app should have access to any files other than what the user explicitly authorizes.
Ouch! Ransomware for Macs... geez... well it had to happen eventually... sounds like it’s fixable, as long as it hasn’t already hit...
Like I didn’t say, stupid is as stupid does.
Hear, hear.
>There's no reason why a Torrent app should have access to any files other than what the user explicitly authorizes
As a lifelong root programmer, we will always find a way to perform the task. I prefer hook to crook.
I read somewhere that a good percentage of torrent users run their machines in Administrator mode. Not smart at all.
Earlier thread on the same article over here started by Mad Dawgg:
http://www.freerepublic.com/focus/f-chat/3405947/posts
Missed it on a search.
Wow, maybe that's what Windows users do. I use it to download Linux images, scientific research, engineering information, share information within distributed clusters with heterogenous OS (e.g. hadoop/osx/windows server), it totally rocks for strictly utilitarian purposes. We also use it to share information the powers-that-be want to suppress (e.g. climategate files, Der Spiegel's Snowden data dumps, etc).
My peers and I must be some kind of weirdo pirates for shure.