KeRanger malware targets Mac OS X
KeRanger is the first ransomware to target the operating system, and it demands a payment of one bitcoin
A new malware dubbed KeRanger, or OSX.Keranger, has surfaced and appears to be the first ransomware to target the Mac OS X operating system.
KeRanger was briefly distributed in a compromised version of the installer for the Transmission BitTorrent client. Mac OS X users who downloaded Transmission on 4 March and 5 March 2016 may be at risk of being compromised.
The malware was signed with a valid Mac Developer ID, which allowed it to bypass OS X's Gatekeeper feature, designed to block software from untrusted sources. Apple has since revoked the Developer ID used by KeRanger.
Security experts at Symantec said that once the malware is installed, it searches for roughly 300 different file types and encrypts any it finds. The malware then displays a ransom message demanding that the victim pay one bitcoin, approximately US$408, with the payment made through a website on the anonymous Tor network.
In November 2015, a proof-of-concept (PoC) threat known as Mabouia was developed by Brazilian cybersecurity researcher Rafael Salema Marques, who highlighted the fact that Macs may not be immune to the threat of ransomware.
Marques shared a sample of the ransomware with Symantec and Apple. Symantec's analysis confirmed that the PoC was functional. While the threat could be used to create functional Mac OS X crypto ransomware if it fell into the wrong hands, Marques said he has no intention of publicly releasing the malware.