Proof-of-Concept Ransomware Affects Macs (vice.com)
sarahnaomi writes: Ransomware, the devilish family of malware that locks down a victim's files until he or she coughs up a hefty bounty, may soon be coming to Mac. Last week, a Brazilian security researcher produced a proof-of-concept for what appears to be the first ransomware to target Mac operating systems (Mac OS X). On Monday, cybersecurity company Symantec verified the researcher's findings. "Mabouia is the first case of file-based crypto ransomware for OS X, albeit a proof-of-concept," Symantec wrote in a blog post. "It's simple code, I did it in two days," [said] the creator of the malware.
Great! You can encrypt some files. You're amazing!
Show me a zero-click network infection vector, then I'll be a little worried. Yes, I've already removed Flash and never installed Adobe Reader. No, getting me to execute an email attachment (after disabling Gatekeeper) doesn't count.
This is NOT a proof of concept of stealth ransomware using some 0-day exploit etc. You have to actually download it, choose to run it, and close the warning box that pops up to warn you about exactly this sort of software. That's where I stopped reading. I mean, most competent programmers can write a program that ransoms your documents in two days. Heck, I bet there are some who in two days of coding could even manage to bundle in a multi-level FPS game. The hard part is to get ransomware to run without the user explicitly installing it.
Unless I am missing something, in which case you can enlighten me.
To get his ransomware I have to download the file, launch it, give it administrator rights, and type in my admin password.
ZOMG we are all gonna die!!!!!!
Come on, there has to be an exploit that gets completely around all security and can install silently on OS X. Are these guys not trying?
If not for the ongoing application compatibility issues with El Capitan :)
Interview with the malware's creator: http://news.softpedia.com/news...
Yeah this story is a bit silly. What concept was proved, exactly, that Macs can run encryption software?
Still, it is a reminder that bad things can happen on any computer, so have regular backups, test those backups, and don't store the backups right next to your main system.
Lately I've seen a lot of people with "backups" to read/write network storage, where the machine pushes its backup to a network drive it can write to. No bueno. Ransomware will encrypt any accessible network drives too, so your "backups" will be gone. Lightning, theft, flood, etc. would also destroy these backups at the same time that they destroy the primary machine. Backups really need to be offsite and be pull, not push. If your machine SENDS backups to storage it can write to, the bad guy is going to delete those backups or take them hostage too.
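An added example, not posted by anyone in this thread, that illustrates the push-versus-pull point above in a throwaway sandbox: a workstation directory, a writable "network share" the workstation pushes to, and a backup store that only the backup side ever writes into. The directory layout, the sample documents, the cp-based snapshot and the ransomware stand-in are all constructed for the demo; a real deployment would have the backup server run rsync over ssh against the workstation, with a forced read-only rsync command on the workstation side.

```shell
#!/bin/sh
# Added example (not from this thread): why a backup the workstation can
# write to stops being a backup once ransomware runs as that user.
# Everything below lives in a constructed mktemp sandbox; no real shares.
set -eu

LAB=$(mktemp -d)
WORKSTATION="$LAB/workstation"   # the user's machine (assumed layout)
PUSH_SHARE="$LAB/push_share"     # writable "network drive" the workstation pushes to
PULL_STORE="$LAB/pull_store"     # backup server's disk; the workstation has no path to it

# Create a few sample documents (constructed data).
seed_workstation() {
    mkdir -p "$WORKSTATION/Documents" "$PUSH_SHARE" "$PULL_STORE"
    printf 'quarterly report\n' > "$WORKSTATION/Documents/report.txt"
    printf 'thesis draft\n'     > "$WORKSTATION/Documents/thesis.txt"
}

# Push model: the workstation copies its files to a share it can also overwrite.
push_backup() {
    rm -rf "$PUSH_SHARE/Documents"
    cp -a "$WORKSTATION/Documents" "$PUSH_SHARE/Documents"
}

# Pull model: the backup server fetches a fresh, timestamped snapshot and
# then drops write permission on it. The workstation never holds a
# credential for $PULL_STORE. (In production: rsync over ssh initiated by
# the server, with a forced read-only rsync command on the workstation.)
# Prints the snapshot path.
pull_backup() {
    snap="$PULL_STORE/$(date +%Y%m%d%H%M%S)-$1"
    cp -a "$WORKSTATION/Documents" "$snap"
    chmod -R a-w "$snap"
    printf '%s\n' "$snap"
}

# Ransomware stand-in: runs with the user's rights, so it can rewrite every
# file the user can reach, including the mounted push share. Real samples
# use a proper cipher; here each document is replaced by random bytes and
# the original is removed.
simulate_ransomware() {
    for dir in "$WORKSTATION/Documents" "$PUSH_SHARE/Documents"; do
        for f in "$dir"/*.txt; do
            head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$f.locked"
            rm -f "$f"
        done
    done
}

# Number of still-readable originals in a directory.
intact_count() {
    ls "$1"/*.txt 2>/dev/null | wc -l | tr -d ' '
}

# Make the read-only snapshots deletable again and remove the sandbox.
cleanup_lab() {
    chmod -R u+w "$LAB"
    rm -rf "$LAB"
}

run_demo() {
    seed_workstation
    push_backup
    snap=$(pull_backup demo)
    simulate_ransomware
    echo "workstation intact:   $(intact_count "$WORKSTATION/Documents")"   # 0
    echo "push share intact:    $(intact_count "$PUSH_SHARE/Documents")"    # 0
    echo "pull snapshot intact: $(intact_count "$snap")"                    # 2
    cleanup_lab
}

run_demo
```

The push share dies with the workstation because the same user account that ran the malware had write access to it; the pull snapshot survives because nothing on the workstation can name or open it. Making each snapshot read-only after the copy is a cheap second line of defence on the server itself.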
Wow, that new company should get some lawyers ASAP because I'm quite sure Microsoft will sue them for using a company name similar to their own.
Fight for your bitcoins!
We already know that the typical Mac user is naive ("there are no viruses for Mac!") and we also know there's a whole niche market of Apple users with more money than brains. I expect these people to haul in more money than the Windows ransomware guys.
It is not "naive" to be aware that there are currently no "No user intervention required" viruses for OS X or iOS. It is the truth.
It IS "naive" to NOT be aware that there ARE a few (very few!) pieces of Malware that require a Social Engineering component and User Intervention to install. HOWEVER, Mac users are (justifiably) secure in the knowledge that, before these can infect more than a few dozen Macs, Apple will push out a detector-blocker into XProtect (which runs on every OS X machine running Snow Leopard or above, and gets updated automatically every 24 hours), and that will be that. And the interesting thing is that, the malware-writers know that, too; which makes Macs a FAR less tempting target than they would otherwise be.
Time Machine, instead of letting it sit in your I'll-get-to-it-someday pile of shit-to-do.
If Windows users are any indication, they might learn the value of backups by the third formatted hard drive.
Am I missing something, or is there not a single hole or bug being exploited here?
Are we...are we confirming that if a user downloads a program and actively grants it access, it can do things that programs are allowed to do?
For serious?
We already know that the typical Mac user is naive ("there are no viruses for Mac!") and we also know there's a whole niche market of Apple users with more money than brains. I expect these people to haul in more money than the Windows ransomware guys.
One potential problem - those Apple users with more money than brains also probably bought a Time Capsule backup device (because it's shiny and Apple says you need one and here's my credit card!), which means they've got constant incremental backups of all their files. Ransomware pops up, just roll back to pre-encryption.
If you ever wanted proof that the world is completely chaotic and that there is no God, the fact that ransomware exists is proof enough in my book.
They have had potential PDF/font bugs resulting in buffer overflows etc. The core of OS X is open source, so that's why you see all those bugs passing by. The problem is that besides theoretical attacks, no self-replicating virus that doesn't interact with the user has been created yet. Even Flash exploits have operated in browser jails since the Windows Vista era or been unable to go beyond "this program needs Administrator rights to run".
Not a lot of details, but it seems to be yet another example of a malicious Microsoft Office macro virus. It requires the end user to open a malicious Office document; they don't say how this leads to running the actual payload.
And I have oceanfront property in Arizona I can sell you.
At the college I went to, all the Macs were like 2 dollar hookers that never used protection. As soon as you took out your USB device you would run to the 4 Windows cleaning stations to hopefully kill what the Mac had just given it. You didn't have to do anything, just plug in the USB device and then eject it.
I know according to the Apple fans this is not true and never happened. They say it was the Windows systems doing this and then cleaning. But you could take the USB device to another system and still find the same thing the cleaning systems found.
Where did I say that Macs could not be CARRIERS for WINDOWS viruses?!?
In fact, in the instance of Macs being used in an application like a "Computer Lab", I would most heartily recommend running something like ClamAV, SPECIFICALLY to avoid being a "vector" for Windows malware.
But you are just changing the subject if you think that means that the MACS were being affected by the WINDOWS viruses.
So, the blame goes to the IT Staff that was running the Lab; not the Macs, sorry...
One important detail is left out: by running this locally, he skips the part where it warns you about running stuff off of the net. And of course, it's not so much an OS X problem as it is a Microsoft Office problem, because that's the vector.
So OS X can be owned, if you skip OS warnings AND use a Microsoft product to actually do the owning, which even then can't act as root. Good grief, man.
So now the ransomware got ROOT? Why does it have root? Just because Windows UAC can be bypassed doesn't mean *nix machines like Mac have this problem.
Macs have a ton of open source in their guts, and you accuse them of security through obscurity? You'd better fucking be posting from Fedora or Debian, dude. Don't take that tone from a Windoze box.
Speaking as a 15-year Mac shareware publisher, most users dumb enough to install malware are too dumb to figure out how to disable Gatekeeper (on by default) to allow an unsigned (with Apple-issued certs) app to launch for the first time.
You have never met my niece. She calls me, on a fairly regular basis, to ask me to help her fix her Mac. I do not know why. Of all the times she's needed it repaired, I've only managed to solve the issue once. While I do, technically, own a modern Mac - I don't actually use it and I am pretty sure my daughter absconded with it when she last visited. So, I might not even technically own it any longer.
Anyhow, within a day of her first getting her Mac she had managed to install something called Mackeeper (I think?). It took some digging to find out that it was not some sort of malware protection but actually was the malware. How or why it got installed is a question I am not going to ask. It goes steadily downhill from there.
"to target Mac operating systems (Mac OS X)"
no shit, I thought they would target Mac OS 7.01, thanks for the clarification numbnuts
Apple users with too much money also have real-time incremental backup in the form of Time Machine, have money to buy space on Dropbox, and have music backed up on Apple and Amazon. It might be worth $100 to some to buy the password and save the few hours it might take to restore a computer, but many of us will simply switch to our second or third Mac for use while the ransomed machine is restoring. I mean, if you have a huge project that has to be completed that day and you are going to lose $1000 for every hour it is late, sure, pay the ransom. But for most of us: wipe the machine, restore, go about our lives, and laugh once again at the PC users that are too dumb to have an integrated backup solution.
Anyhow, within a day of her first getting her Mac she had managed to install something called Mackeeper (I think?). It took some digging to find out that it was not some sort of malware protection but actually was the malware.
It probably got installed due to the fact that the MacKeeper people plaster ads for MacKeeper all over the place (presumably only if your web browser's user-agent indicates you're on a Mac, though). These ads strongly suggest that installing MacKeeper will make your Mac more better in every possible way and that you should download and install it right now because reasons.
Complete bunk, of course, but it can work on the right type of impressionable mind (i.e. "the computer said I should do this, so I'd better do it" -- not making the distinction between what the OS is recommending and what a third-party ad is recommending). I get a phone call from my mom every 6 months or so asking me if she should install MacKeeper or not -- I'm grateful that she knows to ask about it and not just blindly install it.
I'll just make sure she's got a subscription to Apple Care. She can call them. Thanks for the insight. I've never seen it advertised - probably due to my header information/user-agent which clearly identifies me as a Linux user. I kind of figured it was something along those lines - akin to the "you need codec to watch this movie" and appearing to be an official system application. It looked like a legitimate application as I was searching for it.
The call (I got several that day) involved her telling me that she wanted to install an AV. I asked why she'd want to do a silly thing like that. She told me that she did. I didn't argue. I recommended AVG as they have a free Mac version (I think it was AVG). She called back in a couple of hours telling me that MacKeeper wouldn't let her install it. So, I spent hours trying to figure out how to get MacKeeper to let her install it. It was no good. I then hit on some new search terms and followed those and figured out that MacKeeper was not, in fact, the GateKeeper thing that I'd heard about. (Why would I know?)
So, I called her back (again) and told her to uninstall it. She told me that that would be a bad idea. I hung up. She called back in about an hour and asked if she should really uninstall it. I told her that, at this point, I didn't really care if she did or not but that it probably wouldn't hurt anything to do so. I told her about a few of the links I'd read and she finally uninstalled it. Then, promptly, she installed an anti-virus application. No, I'm still not sure that she had good reasons for doing so. Note, good reasons. I'm sure she had *some* reasons for doing so.
I've had calls since and I generally am willing to Google for her, a little, but telling her to remove MacKeeper was eventful enough. The questions have gotten more bizarre as time has passed. I mean, yeah, I can sort of function in BSD-land? Technically, I own a MBP (somewhere, back home, and only if my daughter hasn't absconded with it). I did use an iPod for a while. I do own an iPad, somewhere - I think the daughter may have lugged that off too. I'm not actually sure where the iPod is but I don't think that one has been absconded with, it's like a 4th generation and only has something like 128 GB or something small - not prime "borrowing" material so the girl-child probably hasn't decided that she'd like it more than I would (I'm adjusted to this sort of behavior, it helps with my clutter, I guess).
I think the last time she called, the niece - not the daughter, she was hell bent on defragging. I suppose, technically, you get file fragmentation. While this is unlikely to be a problem (and the drive is an SSD, I do believe), I'm not entirely sure that any benefit gained from defragmenting a drive would be worth the read-write cycles. I told her this and that I knew of no way to defrag a drive in a Mac. She was hell bent on doing so, last I knew, and may well have accomplished her goal by now, for better or worse.
I don't know where she gets this lack of ability from. The rest of the family is fairly technical. She hung out with my kids and, well, those kids had me as a father - they've had a computer since they were born. She's always had a computer as well. I think she twatters her tublerinabookspace stuff and goes through about three email addresses a week. She's never, to the best of my knowledge, ever checked her email for anything other than account signups (I'm assuming she must) and has never actually configured an email client - to the best of my knowledge. If she were my child, I'd abort her. *stomps*
My kids are fluent, can program a little - including some scripting language work, and my daughter does use a Mac (and other Apple products) but she does actual work on it. She's finished med school and is now doing whatever it is they do when they meander off to slave in an ER for four years. The boy child, bless him, is actually quite a geek and gamer but he's smoking pot and sexing a beautiful native in Peru. He went there on a summer project and has ye
I manage 1200 Windows systems at my work. The only infection I ever had to fight in the last 3 years was a "user intervention required" virus. Your point being?
The post in question talks about how the ransomware will blow away the backup (yet another thing that has been going on in Windows for years, and in Linux/Apple/BSD never, right along with the ransomware itself; he's presupposing ways to add features to the Apple ransomware product that don't exist and can't work). Pretty sure that requires root.
Pretty sure that anyone talking this line of cocaine from a Windows box is high as fuck anyway tho. "So, pretend that this worked, instead of not working. And pretend that it didn't involve downloading a thing, and using a microsoft product, and pressing ok to all the prompts. And then pretend that, like in the Windows universe, it also wiped out your backup, because I guess you elevated it too. Just like Windows man. Just like."
Nice straw man you have there. The OP was describing the number of naive Mac users who have heard - and believe/repeat - the message that Macs aren't affected by malware. (Even if OP used the word "virus.") Which you seem to also acknowledge is BS. Those of us who aren't fanbois have heard this story time and again from uneducated Mac users, and Apple itself intentionally clouded with the "Macs don't get PC viruses" marketing bullshit.
I think that at this point, most users, even "naive" Mac users, are aware that Trojans exist, and that no amount of AV can protect you from being click-happy.
However, OS X's FIFTEEN-YEAR unblemished record stands: No Malware that did not require User Intervention to perform the initial infection, period. That isn't fanboiism. That isn't naivety. That's a fact.
And it is not "marketing bullshit" to state that Macs don't get Windows viruses. It is an important marketing distinction, especially when used under the auspices of their "Mac vs. PC" campaign.
And what you disingenuously don't point out is that Apple was careful to add the disclaimer (small, and at the bottom, like all disclaimers) that no computer was completely immune from attack. I can't find a copy of the original webpages; but the disclaimer was much like this one from the "OS X Security" Page, that states:
"While no system can be 100 percent immune from every threat, OS X lets you do even more to keep your information as safe as possible."