
Snippet: First Mac Ransomware Spotted

Shared on March 7, 2016

Thomas Reed:

On Saturday, Apple quietly added detection of something called “KeRanger” to the XProtect anti-malware definitions in OS X. It was revealed on Sunday by Claud Xiao of Palo Alto Networks that KeRanger is the first real Mac ransomware, and it’s not just theoretical. It’s in the wild.

According to Xiao, the Transmission app – a BitTorrent client – was infected to include this ransomware. The infected app was distributed from the official Transmission website, but with a different code signature than the normal one previously used to sign the Transmission app, implying that the app itself had been modified and re-signed by the attacker (although this has not yet been confirmed).

I won’t get into the ethics of using BitTorrent (there are some legal uses, although it’s probably more often used for copyright violation), but it seems that the bigger thing is that this is a particularly scary piece of software in that it affects external drives.
