OS X can be vulnerable to crypto-ransomware, says Symantec

Proof-of-concept malware shows OS X devices can have files encrypted by ransomware attack

Tags: Apple Incorporated, Cyber crime, Ransomware, Symantec Corporation

The Mabouia ransomware was developed as a proof of concept to show encryption attacks on Apple OS X are possible.

By Mark Sutton, published November 12, 2015

Apple Macs can be vulnerable to crypto-ransomware, Symantec has reported in a blog post.

The security company said that it has completed testing of a proof-of-concept threat, developed by a Brazilian cybersecurity researcher, that can encrypt files on an OS X system. Such a threat could be used by hackers to lock users' data and extort ransom payments from them.

The Mabouia ransomware was developed by Brazilian cybersecurity researcher Rafael Salema Marques, who wrote the PoC malware to highlight the fact that Macs may not be immune to the threat of ransomware. Previously only browser-based ransomware attacks had been used against Macs.

Marques shared a sample of the ransomware with Symantec and Apple. Symantec's analysis has confirmed that the PoC is functional. Marques said he has no intention of publicly releasing the malware.

Mabouia follows the tried-and-tested model used by many ransomware variants of encrypting files on the infected computer and sending the encryption key to a command-and-control (C&C) server. The malware displays payment instructions on the infected computer, including a unique ID the victim would need to use to retrieve a decryption key. This key can potentially be sent to the victim upon payment of a ransom.

In the case of Mabouia, because it's a proof of concept, it only encrypts files saved in a directory called 'ransom'. Most Mac users will not have a directory with this name on their computer.

Mabouia is the first case of file-based crypto-malware for OS X, albeit a proof-of-concept. Macs have nevertheless already been targeted by ransomware in the form of browser-based threats. For example, in 2013, researchers at Malwarebytes discovered browser-based ransomware that targeted Safari for Mac users through a malicious website. The website directed Windows users to a drive-by download, while Mac users were served JavaScript that caused Safari to display persistent pop-ups informing the user their browser had been 'locked' by the FBI for viewing illegal content.
