Security firm Palo Alto Networks said in a blog post over the weekend that it found ransomware bundled into a popular Mac app. It’s believed to be the first-ever piece of malware developed for the platform.
The company said it detected the ransomware, which it’s calling ‘KeRanger’, in installers for Transmission, a free and open-source BitTorrent client for Mac. It isn’t clear how the attackers managed to compromise the app’s site and upload the infected files.
Once an unsuspecting user installs the infected app, KeRanger embeds itself in their system and goes to work encrypting certain types of data, including documents, images, audio and video files, as well as databases and email archives.
It then asks victims to pay 1 Bitcoin (about $410 at the time of writing) in order to decrypt and regain access to their files.
The developers behind Transmission have since updated their installers to ensure the ransomware is removed.
It’s scary to see hackers beginning to target OS X users with this sort of attack. Until now, they only went after Windows systems and mobile OSes. Last month, a hospital in Hollywood paid $17,000 to unlock its data after hackers held its files for ransom.
In this case, not only did the perpetrators manage to infect a well-known Mac app, but they did so using a valid Mac app development certificate.
It’s becoming clear that no one’s data is truly safe. However, the real danger is agreeing to attackers’ demands and proving to them that their malicious activity is viable and worth pursuing. At this point, the best way to protect yourself is to back up your data often.
We’ve contacted Apple for comment and will update this post when we hear back.
➤ New OS X ransomware KeRanger infected Transmission BitTorrent client installer [Palo Alto Networks Research Center Blog via Reuters]