The misconception that Apple’s Mac OS is not as prone to malware as Microsoft’s Windows operating system has been taking a beating following recent events involving a ransomware threat. While ransomware has been common on the Windows operating system for a while, it’s only recently that a security researcher built a proof-of-concept showing its potential capabilities on Mac OS.
From Proof-of-Concept to Mass Infection
Brazilian security researcher Salema Marques managed to demonstrate that a ransomware threat could pose serious concerns to Apple’s users. Although the ransomware had limited capabilities at the time, the researcher demonstrated that users could still face paying a serious amount of money to unlock access to their files.
While the research was first made available in January 2016, it wasn’t until March 2016 that malware coders actually found the right set of circumstances to deliver a fully weaponized version of the ransomware to Mac users. The attackers distributed a tampered version of a Mac torrent client and signed it with stolen developer certificates, which allowed it to bypass Apple’s Gatekeeper.
As a result, more than 6,000 people might have fallen victim during a single weekend, according to the developers of Transmission, the torrent client involved. Dubbed KeRanger, the Mac ransomware was actually identical to the Linux.Encoder ransomware threat that had attacked Linux operating systems for the first time just months earlier, in late 2015.
Money drives Cybercrime
Although it’s not the first time Macs have encountered malware, the ransomware incident is particularly interesting because cybercriminals have been making millions of dollars from Windows ransomware. A Mac variant would allow them to attack a segment that was previously unexplored.
In late 2015, ransomware was estimated to have caused $325 million in damages after infecting hundreds of thousands of computers. A ransomware study in early 2016 showed that more than 50 percent of ransomware victims actually paid the attackers to regain access to their computers, including many who were more worried about losing their personal files than their work-related data.
The cybercrime community is expected to seize this new Mac opportunity and start developing and delivering such threats and infecting victims. The malware-as-a-service (MaaS) industry has been extremely prolific for malware coders willing to sell their work to the highest bidder and, considering the new opportunity with Mac ransomware, it stands to reason that they’ll start developing and selling more such threats.
It’s entirely possible that future Mac ransomware will also develop new features that not only make it more difficult to remove, but also add functionality aimed at forcing victims into paying.
How to stay safe
While dodging traditional Windows ransomware is somewhat straightforward, things are more complicated on the Mac. Apple’s Gatekeeper usually boots out any untrusted applications, but the KeRanger ransomware managed to get past it with stolen developer certificates, which means users are strongly encouraged to only download applications from the official App Store.
Developers who host their own signed applications on their own websites are also advised to beef up security to prevent cybercriminals from taking over their websites and disseminating tampered versions of their software.
This article is brought to you in association with Bitdefender.