Slashdot Mirror


Apple Mac Computers Are Being Targeted By Ransomware, Spyware (bbc.com)

If you are a Mac user, you should be aware of new variants of malware that have been created specifically to target Apple computers; one is ransomware and the other is spyware. "The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor 'dark web' network that acted as a shopfront for both," reports BBC. "In a blog post, Fortinet said the site claimed that the creators behind it were professional software engineers with 'extensive experience' of creating working code." From the report: Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware's creators had said that payments made by ransomware victims would be split between themselves and their customers. Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware. Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm. However, they added, any files scrambled with the ransomware would be completely lost because it did a very poor job of handling the decryption keys needed to restore data. The free Macspy spyware, offered via the same site, can log which keys are pressed, take screenshots and tap into a machine's microphone. In its analysis, AlienVault researcher Peter Ewane said the malicious code in the spyware tried hard to evade many of the standard ways security programs spot and stop such programs.

54 comments

  1. BUT by Anonymous Coward · · Score: 0

    you know the rest.

    1. Re:BUT by Anonymous Coward · · Score: 2, Interesting

      Macs don't get viruses? They don't. Any system including Linux can get malware if you download from untrusted sources on pirate bay or click on "update adobe flash" from a porn site ad... Good thing about Macs is people tend to actually back them up with time machine, so it should be a quick recovery.

    2. Re:BUT by Anonymous Coward · · Score: 0

      Exactly. Not even close to the same as having your nice new Windows machine make you "wanna cry" within minutes of connecting to the internet. No system is secure if you download malware, iOS might be the best bet in that department.

    3. Re:BUT by Anonymous Coward · · Score: 0

      Please explain how any system can get malware if it downloads a movie from pirate bay. And what makes you think you can't get malware from a trusted source?

    4. Re:BUT by Anonymous Coward · · Score: 0

      If you're running Adobe Flash, you've already got malware.

    5. Re: BUT by Anonymous Coward · · Score: 0

      Normally like this: "movie name.mp4. exe"

      Trusted sources can certainly have malware too, but it's less likely.
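The "movie name.mp4. exe" trick above is a filename disguise, and it is cheap to catch before a file is ever opened. The following is an added example, not code from the thread or from any of the vendors it mentions: a small Python checker that flags a decoy media or document extension sitting in front of a real executable extension, whitespace padding around the final extension, and (going one step beyond the comment) the Unicode RIGHT-TO-LEFT OVERRIDE character that visually reverses the tail of a name. The extension lists and the sample filenames are constructed for the example and are not exhaustive.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Assumed lists (not from the thread): extensions that launch code when a user
# double-clicks them on Windows, macOS or Linux, and extensions a victim expects
# a "movie" or document to carry. Extend them for your own environment.
EXEC_EXTENSIONS = frozenset({
    "exe", "scr", "com", "bat", "cmd", "msi", "vbs", "js", "jar", "ps1", "pif",
    "app", "command", "pkg", "dmg", "sh", "run", "bin", "desktop",
})
DECOY_EXTENSIONS = frozenset({
    "mp4", "mkv", "avi", "mov", "mp3", "flac", "srt",
    "pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "jpeg", "png",
})

# U+202E makes everything after it render right-to-left, so
# "report\u202efdp.exe" is displayed as "reportexe.pdf".
RTLO = "\u202e"


@dataclass
class Verdict:
    name: str
    suspicious: bool
    reasons: List[str] = field(default_factory=list)


def inspect_filename(name: str) -> Verdict:
    """Flag a filename that tries to pass an executable off as media or a document."""
    reasons: List[str] = []

    if RTLO in name:
        reasons.append("contains RIGHT-TO-LEFT OVERRIDE; displayed extension is not the real one")
    # Analyse the name the OS actually sees, with the override character removed.
    real = name.replace(RTLO, "")

    # "movie.mp4 .exe" and "movie.mp4. exe": whitespace next to the final dot is
    # there to push the real extension out of view in a narrow file listing.
    if re.search(r"(\s+\.|\.\s+)[A-Za-z0-9]+\s*$", real):
        reasons.append("whitespace padding around the final extension")

    parts = [p.strip().lower() for p in real.strip().split(".")]
    exts = parts[1:]                      # everything after the first dot
    if exts:
        final, inner = exts[-1], exts[:-1]
        if final in EXEC_EXTENSIONS and any(e in DECOY_EXTENSIONS for e in inner):
            reasons.append(f"decoy extension hidden in front of executable .{final}")

    return Verdict(name=name, suspicious=bool(reasons), reasons=reasons)


def suspicious_names(names: List[str]) -> List[str]:
    """Return the subset of names that inspect_filename flags, in input order."""
    return [n for n in names if inspect_filename(n).suspicious]


if __name__ == "__main__":
    # Constructed sample download directory listing.
    sample = [
        "movie name.mp4. exe",     # the thread's example
        "movie name.mp4.exe",
        "movie name.mp4",
        "archive.tar.gz",
        "setup.exe",               # an honest executable is not a disguise
        "report\u202efdp.exe",     # displays as reportexe.pdf
    ]
    for n in sample:
        v = inspect_filename(n)
        print(f"{'SUSPICIOUS' if v.suspicious else 'ok        '}  {n!r}  {v.reasons}")
```

A plain `setup.exe` is deliberately not flagged: the check is for disguise, not for executables as such, and a signed installer is a different question answered by the platform's code-signing check rather than by its name.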

    6. Re:BUT by Hussman32 · · Score: 2

      I remember getting epolife on my mac somehow (it could have been me, but I suspect it was my mom). Three google searches, a couple of hidden directories, and a few browser settings, and it was gone.

      Much easier than some virus experiences I had with my PC back in the day.

      --
      "Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
    7. Re:BUT by TheRealMindChild · · Score: 1

      Browser/plugin exploits and malicious ads

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    8. Re: BUT by Anonymous Coward · · Score: 1

      They can place the virus in the subtitle track of the movie.

    9. Re: BUT by Anonymous Coward · · Score: 0

      Playing a malformed file with either a feature or exploit in it

    10. Re:BUT by Anonymous Coward · · Score: 1

      what happens when the malware encrypts your backups because you kept them on always attached storage?

    11. Re:BUT by Plumpaquatsch · · Score: 1

      you know the rest.

      Is it: "But Slashdot has already had the same story hook every couple of months since it has existed?" Or is it "If you are a Windows user, you should be aware of new variants of malware that have been created specifically to target Windows computers"? Or maybe "But that means I don't have to worry about Raspberry Pi malware any more, right?"

      --
      Of course news about a fake are Fake News.
    12. Re: BUT by Anonymous Coward · · Score: 0

      Because viruses in win32 are more mature; thus can hide themselves deeper; cause more damage. This hardly speaks of OSX's security level. Mac users type their sudo password for anything

  2. Waste of time to read the fine article by 140Mandak262Jamuna · · Score: 2

    Does not talk about attack vector, what user action is needed to get infected with the malware.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:Waste of time to read the fine article by Anonymous Coward · · Score: 1

      > Running the MacRansom sample, a prompt showed up stating the program is from an unidentified developer. So as long as users don’t open suspicious files from unknown developers, they are safe. Clicking Open gives permission for the ransomware to run.
      so, uh.. don't, like, do this^ & stuff.

    2. Re:Waste of time to read the fine article by Anonymous Coward · · Score: 0

      Aamir Lakhani from Fortinet said Mac users should make sure their machines were kept up to date with the latest software patches and be wary of messages they receive via email.

    3. Re:Waste of time to read the fine article by ctilsie242 · · Score: 1

      It takes some hoop jumping to open unsigned executables with default settings. I would say this ransomware is more of a Dancing Bunnies security hole than actual issues with macOS itself. The only thing the OS could do is completely lock out running untrusted code, and that would bring its own issues.

      This stuff could run anywhere, including Linux... a statically linked executable that would prompt for root access to run, then generate a public/private key pair, encrypt the private key to the ransomware owner's public key, toss the unencrypted private key part, then use GnuPG to encrypt all documents, followed by a fstrim on all opened filesystems, so any deleted data on SSDs is rendered unrecoverable. Since Linux has no innate code signing abilities where stuff is validated before it is executed, it might be easier to sneak an executable to be run in some ways.

  3. It's telling that this is news by goombah99 · · Score: 4, Insightful

    This is news. That tells you it's shockingly unusual. That is to say if the word apple were not there it would not be news.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  4. macOs is a fork of linux so nothing alarming by Anonymous Coward · · Score: 0

    you are safer than not, believe me that the macOs is wonderful, wonderful, the best.

    1. Re:macOs is a fork of linux so nothing alarming by Anonymous Coward · · Score: 0

      tard. It's BSD.

    2. Re: macOs is a fork of linux so nothing alarming by Anonymous Coward · · Score: 1

      As a technician I thank skygods for Microsoft security, it's putting my kids through college.

    3. Re:macOs is a fork of linux so nothing alarming by Anonymous Coward · · Score: 0

      Ahhh... see kids this is what real trolling looks like. Simple, subtle, and just enough to get the pedantic nerds frothing at the mouth.

    4. Re: macOs is a fork of linux so nothing alarming by that+this+is+not+und · · Score: 1

      It's NeXTStep, an ancient broken derivative of BSD but with a different kernel. They did port in a bundle of "real" FreeBSD userland stuff that was current in about 1999 to shore things up. It's not a modern Net/Free/OpenBSD by any stretch of the imagination.

    5. Re: macOs is a fork of linux so nothing alarming by Plumpaquatsch · · Score: 1

      It's NeXTStep, an ancient broken derivative of BSD but with a different kernel. They did port in a bundle of "real" FreeBSD userland stuff that was current in about 1999 to shore things up. It's not a modern Net/Free/OpenBSD by any stretch of the imagination.

      It could be worse: unlike Linux, it's at least a real UNIX.

      --
      Of course news about a fake are Fake News.
  5. Linux, not to feel left out... by Anonymous Coward · · Score: 5, Funny

    Funnily enough, I got an email just the other day with Linux ransomware, so I don't want to hear any of this "Linux has no ransomware" nonsense. Here's the mail:

    Dear Sir or Madam,

    Our esteemed company would like to submit a large purchase order for $100.0000,00, as I am sure you will find agreeable to your company. To complete this order please follow these instructions:

    1. sudo apt-get install build-essential
    2. enter your root password.
    3. Save the following attachment to a file called "purchaseorder.cpp"
    4. Open a shell window.
    5. cd to the location of the file you saved. Make sure it's the same directory!
    6. mkdir build
    7. cd build
    8. cmake -D CMAKE_BUILD_TYPE=Release ..
    9. make -j4
    10. sudo make install
    11. sudo apt-get install libcrypto++9 libcrypto++9v5 libcryptsetup4
    12. sudo purchaseorder

    Note if /usr/local/bin/ is not in your search path, you may have to provide a path yourself. If that doesn't work please try "git pull --rebase origin/purchaseorder-root-branch" and try again.

    Thank you!

    Fuckers! I did all that and now those assholes are demanding a ransom to get my files back.

    1. Re:Linux, not to feel left out... by 93+Escort+Wagon · · Score: 1

      I got that email as well - but step 11 didn't work on my CentOS box.

      --
      #DeleteChrome
    2. Re:Linux, not to feel left out... by guruevi · · Score: 1

      But step 1 did?
      I'd reply: My Solaris box says user "root" doesn't exist.

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    3. Re:Linux, not to feel left out... by Anonymous Coward · · Score: 3, Funny

      All this work just to install some lousy malware? And they wonder why Linux isn't getting any decent share of the desktop market ...

    4. Re:Linux, not to feel left out... by speedlaw · · Score: 1

      smart enough to follow this and stupid enough to do it. small percentage

    5. Re:Linux, not to feel left out... by 93+Escort+Wagon · · Score: 1

      Shoot, I missed step one right off the bat. No wonder I couldn't get the malware installed!

      --
      #DeleteChrome
    6. Re:Linux, not to feel left out... by Anonymous Coward · · Score: 0

      I think step 12 requires chmod +x purchaseorder otherwise it would be non-executable and your Debian based OS would complain.

    7. Re: Linux, not to feel left out... by Anonymous Coward · · Score: 0

      You guys I got it working, it involved using a snap pack!

    8. Re:Linux, not to feel left out... by Anonymous Coward · · Score: 0

      I think step 12 requires chmod +x purchaseorder otherwise it would be non-executable and your Debian based OS would complain.

      "make install" would presumably install into $PATH and make executable. The "purchaseorder" binary would probably be already executable if it's compiled (compiler/linker does that for you), however, you would need to run it using "sudo ./purchaseorder". But hey, we're theorising about a joke.

    9. Re:Linux, not to feel left out... by Anonymous Coward · · Score: 0

      But hey, we're theorising about a joke.

      No, it's called open source so everybody is contributing to make this malware better.

    10. Re: Linux, not to feel left out... by 93+Escort+Wagon · · Score: 1

      All right! Finally - it's the year of the Linux desktop!

      --
      #DeleteChrome
    11. Re:Linux, not to feel left out... by Anonymous Coward · · Score: 0

      Yes, that was the joke. Great that you got it...

  6. good target audience by Anonymous Coward · · Score: 0

    mac users have already shown a willingness to throw money away. disguise and style your malware and ransomware like an apple app or advertisement and you'll be minting money.

    1. Re:good target audience by Anonymous Coward · · Score: 1

      mac users have already shown a willingness to throw money away. disguise and style your malware and ransomware like an apple app or advertisement and you'll be minting money.

      What? You think I have any money left after pre-ordering that new iMac Pro?!

  7. I should put that on my Resume by Anonymous Coward · · Score: 1

    I am a professional software engineer with 'extensive experience' of creating working code.

  8. Security-focused web browsers by Anonymous Coward · · Score: 0

    Hopefully, security-focused web browsers like Brave will help protect people.

  9. What a Mac user can do by AHuxley · · Score: 5, Informative

    Get good AV like Intego. https://www.intego.com/
    A firewall product like https://www.obdev.at/products/...
    RansomWhere? https://objective-see.com/
    Malwarebytes https://www.malwarebytes.com/m...

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:What a Mac user can do by Anonymous Coward · · Score: 0, Insightful

      No. Just no. This kind of article has appeared regularly year after year ever since Apple had something of a resurgence. It's glorified marketing by A/V firms, and I'm surprised to see it echoed on a tech site – I can understand the BBC naively regurgitating anything with an interesting headline, but are the owners of this site sponsored to repeat this rubbish? And who rated this 'informative'?

      This isn't even as interesting as past attempts to frighten users into buying software they don't need (and will probably make their machines perform far worse). It isn't even a working threat – it's badly written (if you read the article closely) source code being offered to someone to make a working malware package with, i.e. it isn't even out there. There are already real threats out there, so how can this be interesting?

      Finally, the best advice to Mac users is not to clutter their machine with half-baked clutter that most likely wouldn't stop a real threat anyway. All malware currently requires their active assistance, e.g. entering an admin password for installation or handing over password and other personal information. The best defence is:
      - Keep your software updated
      - Don't enter passwords unless you're 100% certain what it's for
      - Don't click on email links
      - Don't hand over personal data unless you're 100% sure who is asking for it and why

    2. Re:What a Mac user can do by Anonymous Coward · · Score: 0

      Stop making people think that they can buy security. All this crapware will never stop anything.

      A modern and up-to-date OS and common sense is everything you need to not be pwned.

  10. Re: first p05t by Anonymous Coward · · Score: 0

    800 MHz? Is it the 90's? No wonder you can't get FP anymore little bot buddy.

  11. Mackeeper was first by thesjaakspoiler · · Score: 3, Interesting

    to make its way into your Mac in every possible way since you first powered up your Mac. That is where Apple should have already taken action.

  12. Re: first p05t by that+this+is+not+und · · Score: 1

    He said 800 millihertz. That's a clock cycle of .8 seconds. The processor better be TTL based or static CMOS, because dynamic registers aren't going to stay refreshed running that slow.

  13. Really? by nospam007 · · Score: 1

    Apple Mac computers?
    What about the Apple non-Mac computers?

    1. Re: Really? by Anonymous Coward · · Score: 0

      The Lisa was a wonderful machine.

    2. Re:Really? by dwightk · · Score: 2

      there's one in my pocket right now

      --
      Like anyone can even know that
    3. Re:Really? by Macdude · · Score: 1

      Apple Mac computers?
      What about the Apple non-Mac computers?

      You mean like the iPhones and iPads?

      --
      "Grab them by the pussy" -- President of the United States of America
  14. Re: first p05t by smallfries · · Score: 1

    What is this, a horrifically bad attempt to troll the numerate and literate amongst the slashdot readership? You know it's a 1.25 second clock-cycle and you should not pretend otherwise. Serious triggerings are occurring.

    --
    Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  15. only effects x86 by Anonymous Coward · · Score: 0

    it isn't a mac with a intel x86 processor

  16. Re: first p05t by Plumpaquatsch · · Score: 1

    He said 800 millihertz. That's a clock cycle of .8 seconds.

    WTF? No, it isn't, it's 1.25 seconds.

    --
    Of course news about a fake are Fake News.