First ever OS X ransomware is here
Ransomware is a type of malware that infects your computer, encrypts your data and refuses to give you the key unless you pay its makers a sum of money.
According to the Palo Alto Networks security company, the first fully functional ransomware that operates on Apple’s OS X has been discovered and named “KeRanger”. There goes the myth that there is no malware aimed at Apple’s personal computers!
Transmission BitTorrent client installer for OS X was infected just a few hours after installers were initially posted on March 4 and anyone who downloaded Transmission 2.90 around that date may have infected their OS X machine with the KeRanger malware. Soon after the infection was discovered, Transmission released a new version of its client, Transmission 2.92, which should be malware-free.
Two KeRanger-infected Transmission installers were signed with an Apple-issued certificate but it’s not clear how the malware-infested installers ended up on Transmission’s website. The developer listed this certificate is a Turkish company with a different id than the developer ID used to sign previous versions of the Transmission installer.
The certificate was later revoked by Apple, so trying to run an infected version of Transmission will result in a warning dialog being shown that states: “Transmission.app will damage your computer. You should move it to the Trash.” Or “Transmission can’t be opened. You should eject the disk image.” In any case if you see these warnings, you should follow Apple’s instruction to avoid being affected.
KeRanger is not the first OS X ransomware. Mabouia was the first ransomware in the world targeting OS X but it was not fully functional, being more of a proof of concept that ransomware can be applied to Apple.