World's first "Ransomware" malware hits the Mac

7 November 2015, 03:53

Brazilian security researcher Rafael Marques has created a proof-of-concept showing ransomware taking control of a Mac’s files. See video below.

Ransomware is malware that infects a PC and typically encrypts a user’s files, then extorts a fee from the user in order to receive the decryption key. Although ransomware is prevalent on Windows computers, and there was even a case affecting iOS a year ago, Marques claims this is the first example seen on a Mac.

Additionally, he claims that the Mac’s more affluent user base means ransomware attacks make more financial sense for the criminal fraternity.

Marques’ proof-of-concept attack, which he’s named Mabouia (seemingly after a type of gecko), appears to happen via a zip file. It’s not clear whether this is an actual zip file that exploits a vulnerability in the Mac’s handling of zip files, or an executable file with a hidden/false file extension. Once the Mac is infected, the user is informed via files dropped onto the desktop to visit Marques’ website and purchase a decryption key. Files will no longer open in their native apps.

The good news is that Marques’ example attack takes a lot for granted. For example, if the attack file is indeed an executable and not a malformed zip, then OS X’s Gatekeeper protection should step in and block the malware from running. There’s also the issue of how to get the file onto the user’s computer in the first place, with users wary of traditional vectors such as attachments to mail messages.
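The open question above (a real zip archive, or an executable behind a false extension) is one a defender can settle for any suspicious download by reading the file's leading bytes instead of trusting its name. The sketch below is an added example, not code from Marques or from this article; the function names and the sample file are constructed for illustration.

```python
import io
import struct
import zipfile

# Mach-O magics: thin 32/64-bit in both byte orders, plus fat/universal.
# 0xCAFEBABE is shared with Java class files, so treat that hit as a lead.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE,
                0xCAFEBABE, 0xBEBAFECA}
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # local header, empty archive


def content_type(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data[:4] in ZIP_MAGICS:
        return "zip"
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] in MACHO_MAGICS:
        return "mach-o"
    if data[:2] == b"#!":
        return "script"
    return "unknown"


def triage(filename: str, data: bytes) -> list:
    """Return findings for a download whose name claims to be a zip."""
    findings = []
    kind = content_type(data)
    if filename.lower().endswith(".zip") and kind != "zip":
        findings.append(f"extension says zip, content is {kind}")
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        inner = content_type(member.read(4))
                    if inner in ("mach-o", "script"):
                        findings.append(f"member {info.filename} is {inner}")
        except zipfile.BadZipFile:
            findings.append("zip signature present but archive is malformed")
    return findings


if __name__ == "__main__":
    # Constructed sample: a 64-bit little-endian Mach-O magic plus padding,
    # saved under a .zip name. Not taken from the Mabouia proof of concept.
    fake = struct.pack("<I", 0xFEEDFACF) + b"\x00" * 28
    print(triage("holiday-photos.zip", fake))
```

An empty result only means none of these three checks fired; it does not show the file is safe.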

Therefore, outside of social engineering situations it’s hard to see Marques’ proof of concept becoming epidemic. We can continue to sleep soundly – for now, at least.

[Via OS X News, who provide technical details about the concept]
