MAC Tech: Hackers are selling Mac ransomware that could cause ‘real damage’
The idea that Mac computers are more secure than Windows machines might be a myth.
Security researchers have found two types of malicious software which apparently target Macs for the first time.
Ransomware — malicious software that encrypts your data and
then demands payment for decryption — is more commonly a problem for
Windows users, but it’s also recently been a growing problem for Macs.
What’s still less common on Macs is ransomware-as-a-service (RaaS) schemes.
These are essentially affiliate models, where attackers use
someone else’s ransomware package to launch an attack. They then hand
over a cut to the ransomware author. The advantage is that you don’t
need to be particularly tech-savvy to launch an attack by using someone
else’s code. Attackers haven’t bothered targeting Macs, because most
people use Windows.
It looks like that’s changing.
Research firm Fortinet found a RaaS programme
called MacRansom advertised on the dark net, and while the programme
doesn’t sound all that sophisticated, could still do “real damage.” We
first saw the news on the BBC.
Fortinet’s researchers contacted MacRansom’s creators
directly and received a message back. The creators claimed to be
engineers for Yahoo and Facebook and that they were making their malware
available “for free” because more people were buying Macs.
“Unlike most hackers on the darknet, we are professional
developers with extensive experience in software development and vast
interest in surveillance,” the anonymous authors wrote.
These are probably tall claims. Fortinet analysed MacRansom
and described it as “far inferior” to equivalent programmes that target
Windows machines, but said it could still cause mayhem.
“It doesn’t fail to encrypt victim’s files or prevent access
to important files, thereby causing real damage,” the company wrote.
Fortinet advised Mac users to regularly backup their machines and be suspicious when opening unusual files.
Another set of researchers at AlienVault discovered more malware created by the MacRansom authors — this time malicious software that reads your files.
MacSpy was advertised similarly to MacRansom, and claimed to
hoover up victims’ files, offer access to social media accounts, and
disguise itself as a legitimate file.
AlienVault’s researchers said as more people buy Macs, there’ll be more instances of targeted malware.
They wrote: “While this piece of Mac malware may not be the
most stealthy program, it is feature rich and it goes to show that as OS
X continues to grow in market share and we can expect malware authors
to invest greater amounts of time in producing malware for this
platform.” According to Netmarketshare figures, more than 90% of the world’s computers run Windows. The second most popular operating system is Mac OS at 6%.