Security experts have uncovered new dangerous forms of ransomware and spyware targeting Mac computers.
According to reports, the new malware is dangerous because its creators are letting anyone use it for free, taking a cut of any ransom paid instead of charging up front.
The two programmes were reportedly uncovered by the security firms Fortinet and AlienVault, which found them being offered through a portal on the Tor 'dark web' network.
Fortinet, in a blog post, said that MacRansom uses symmetric encryption with a hardcoded key to lock victims out of their files, in the same way as most current ransomware attacking Windows PCs.
The ransomware is technically weaker than its Windows counterparts, according to the cybersecurity firm, but it can still keep victims from accessing their files. It reportedly encrypts no more than 128 files, which is still enough to cause real damage.
Interested parties who wanted to use the programme were urged to get in touch and provide details of how they wanted the malware to be set up.
Fortinet researchers posed as prospective customers and got in touch with the creators.
“This MacRansom variant is not readily available through the portal. It is necessary to contact the author directly to build the ransomware. At first, we thought of it as a scam since there was no sample but to verify this we dropped the author an email and unexpectedly received a response,” said Fortinet in the blog post.
The malware’s creators had allegedly said that payments made by ransomware victims would be split between themselves and their customers.
“Observing the time of the responses, it gave us a hint that the author might be in a different time zone since the reply came back late at night (which could be morning for them). Also, on the first response the author said ‘June 1st midnight on your local time.’ They may have noticed the time difference when we emailed them. To verify the geolocation of the malware author(s) of this ransomware, we took a look at the original SMTP header and found that the time zone they are in is GMT – 4.”
The Fortinet investigation revealed that MacRansom uses much less sophisticated encryption than the many variants seen targeting Windows machines. However, the researchers added that files affected by the ransomware cannot be recovered, even by the author, because the per-file encryption key is combined with a random value that is never stored anywhere and is discarded once the malware exits.
“A remarkable thing we observed when reverse-engineering the encryption/decryption algorithm is that the TargetFileKey is permuted with a randomly generated number. In other words, the encrypted files can no longer be decrypted once the malware has terminated – the TargetFileKey will be freed from the program’s memory and hence it becomes more challenging to create a decryptor or recovery tool to restore the encrypted files,” wrote Fortinet.
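The following is an added illustration of the key-handling flaw Fortinet describes; it is not code from Fortinet's blog post or from MacRansom itself. It uses a toy stream cipher (HMAC-SHA256 in counter mode, standard library only) as a stand-in for the real cipher, and the hardcoded key bytes are constructed for the example. It contrasts the two cases discussed above: with a hardcoded key alone, anyone who extracts that key from the binary can write a decryptor; once the key is XORed with a random value that is never written to disk or sent anywhere, the hardcoded key by itself no longer decrypts the file, and the random value is gone when the process exits.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key embedded in a binary (not MacRansom's real key).
HARDCODED_KEY = b"example-hardcoded-key-00"


def keystream(key: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 over a counter, truncated to `length` bytes.

    Stand-in for whatever symmetric cipher the real malware uses; the point of
    the example is key handling, not the cipher.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (used both for the cipher and the key permutation)."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_hardcoded(plaintext: bytes) -> bytes:
    """Case 1: file key is exactly the hardcoded key. Fully reversible by anyone holding it."""
    return xor_bytes(plaintext, keystream(HARDCODED_KEY, len(plaintext)))


def decrypt_hardcoded(ciphertext: bytes) -> bytes:
    """What a decryptor built from the extracted hardcoded key would do."""
    return xor_bytes(ciphertext, keystream(HARDCODED_KEY, len(ciphertext)))


def encrypt_permuted(plaintext: bytes) -> bytes:
    """Case 2: the file key is the hardcoded key XORed with a fresh random value.

    The random value is generated in memory, never persisted and never sent
    anywhere, so when this function returns it is simply gone. Only the
    ciphertext survives, which is the situation Fortinet describes.
    """
    permutation = secrets.token_bytes(len(HARDCODED_KEY))
    target_file_key = xor_bytes(HARDCODED_KEY, permutation)
    return xor_bytes(plaintext, keystream(target_file_key, len(plaintext)))
    # target_file_key and permutation go out of scope here ("freed from memory").


def decryptor_recovers(ciphertext: bytes, expected_plaintext: bytes) -> bool:
    """Would a recovery tool that only knows HARDCODED_KEY get the file back?"""
    return decrypt_hardcoded(ciphertext) == expected_plaintext


def permutation_search_space_bits() -> int:
    """Bits an attacker (or the author) would have to brute-force to rebuild the
    discarded permutation for one file: 8 bits per random byte."""
    return 8 * len(HARDCODED_KEY)


if __name__ == "__main__":
    doc = b"quarterly report, constructed sample plaintext"
    print("hardcoded key recoverable:", decryptor_recovers(encrypt_hardcoded(doc), doc))
    print("permuted key recoverable: ", decryptor_recovers(encrypt_permuted(doc), doc))
    print("permutation search space:", permutation_search_space_bits(), "bits")
```

The practical consequence for incident response is that extracting the embedded key from a sample is only the first step of a decryptor; if the per-file key depends on state that existed only in the malware's memory, a memory capture taken while the process is still running is the only realistic recovery path, and once it has exited, backups are the answer.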
Fortinet advised that, to minimise the impact of ransomware attacks, users should make regular backups of important files and be cautious when opening files from unidentified sources or developers.
Meanwhile, the same author has also produced a strain of spyware called MacSpy. According to reports, it can capture photos, screenshots and audio, as well as access the browser history of compromised Macs.