KeRanger: Over the weekend, hackers managed to add malicious code to the Mac BitTorrent app Transmission. The malicious code contained the first fully functional ransomware for Mac computers, according to researchers at Palo Alto Networks.
The infection occurred on March 4, and Palo Alto researchers reported that someone appeared to have compromised Transmission's official website and replaced the legitimate Transmission for Mac version 2.90 with a copy carrying the KeRanger ransomware.
KeRanger, as Palo Alto Networks explains, appears to be a faithful copy of the crypto-ransomware families targeting Windows and Linux systems.
The ransomware uses AES encryption to lock files, targets over 300 different file extensions and demands 1 Bitcoin (about $400) to unlock the files on the victim's computer. Payment is made in Bitcoin only, via a .onion page on the Dark Web.
The Palo Alto researchers report that KeRanger waits on the victim's computer for three days before starting the encryption process. This means that some of the people who downloaded an infected Transmission app since March 4 may still have a chance to remove the ransomware from their Macs before it encrypts their data.
Palo Alto provides removal instructions on its website. Once the encryption process starts, files cannot be recovered unless the victim pays the ransom or has backed up their data.
Researchers who looked at the ransomware source code report that KeRanger includes unfinished features that in the future would target Time Machine files, making it impossible to restore files from system backups.
In addition, another unfinished feature would allow the hackers to execute commands on infected computers, making KeRanger both ransomware and a backdoor for malware.
Apple, for its part, immediately revoked the application's signing certificate and updated its XProtect antivirus to protect future victims from the threat.
The Transmission developers, meanwhile, removed the malicious application from their site and released a new version for Mac, version 2.91.