KeRanger: Over the weekend, hackers managed to add malicious code to Transmission, the BitTorrent application for Mac. The malicious code contained the first fully functional ransomware for Mac computers, according to Palo Alto Networks researchers.
The infection occurred on March 4, and Palo Alto researchers reported that someone appeared to have compromised Transmission's official website and replaced the legitimate version 2.90 of Transmission for Mac with one carrying the KeRanger ransomware.
KeRanger, as Palo Alto Networks explains, appears to be a faithful copy of the crypto-ransomware families targeting Windows and Linux systems.
The ransomware uses AES encryption to lock files, targets over 300 different file extensions, and demands 1 Bitcoin (about 400 dollars) to unlock the files on the victim's computer. Payment is accepted only in Bitcoin, via a .onion page on the Dark Web.
Palo Alto researchers report that KeRanger waits on the victim's computer for three days before the encryption process starts. This means that some of the people who downloaded an infected Transmission application from March 4 may still have an opportunity to remove the ransomware from their Macs before it encrypts their data.
Palo Alto provides removal instructions on its website. Once the encryption process begins, files cannot be recovered unless the victim pays the ransom or has backup copies of their data.
Researchers who examined the ransomware's source code report that KeRanger includes unfinished features that in future versions will also target Time Machine files, making it impossible to recover files from system backups.
In addition, another incomplete feature will allow hackers to execute commands on infected computers, making KeRanger both ransomware and a backdoor for malware.
Apple, for its part, immediately revoked the application's signing certificate and updated its XProtect antivirus to protect future victims from the threat.
For their part, the Transmission developers removed the malicious application from their site and released a new version for Mac, version 2.91.