For now, neither piece of malware — unimaginatively named MacRansom and MacSpy — can get past macOS’ Gatekeeper security function without triggering a user alert. But that could change as the malware gets more sophisticated, or if someone figures out how to trick users into installing the malware.

What to do now: To avoid infection by these bugs, Mac users should validate every piece of software that tries to install itself on their Macs, and should run Mac antivirus software to catch what slips past Apple’s own defenses.

Both MacSpy and MacRansom showed up on a cybercrime forum late last month, and appear to have been created by the same author, according to Bleeping Computer. Compared to their Windows equivalents, they’re rather clunky, but they do work — and their existence demonstrates that online criminals think there’s money to be made from Mac malware.

With MacRansom, the malware creator seems to be starting a “ransomware as a service” business in which he creates malware, then franchises it out to budding online crooks who do the actual distribution and infection of victim machines. The creator gets a 30 percent cut of all revenue earned in exchange for keeping the malware running properly.

Such arrangements are common in the Windows ransomware world, but this is the first time we’ve seen this kind of rent-a-ransomware targeting Macs. It permits even technically unskilled people to get involved in cybercrime.

There is a catch, however, that for the moment would slow the spread of MacRansom: as noted above, the targeted user has to authorize its installation. However, other crooks have fooled victims by disguising malware as something you’d need to install to watch a video file or, heaven forbid, use pirated software.

The malware creator could also “sign” MacRansom with an Apple developer certificate, which he could get from Apple with $99 and an email address. If he did so, Apple’s Gatekeeper software would let it install, no questions asked. Previous forms of Mac malware have gone this route, including the first known piece of Mac ransomware to appear “in the wild.”

Victims infected by MacRansom will have a maximum of 128 files encrypted, and will see a ransom note that they have one week to “buy” decryption software from the ransomware creator for 0.25 bitcoins, about $700 at current exchange rates. After seven days, the note says, the victim’s decryption key “will be automatically removed from our server” and the files forever lost.

“It is not every day that we see new ransomware specifically targeting Mac OS platform,” a Fortinet blog post says. “Even if [this] is far inferior from most current ransomware targeting Windows, it doesn’t fail to encrypt [the] victim’s files or prevent access to important files, thereby causing real damage.”

Likewise, MacSpy won’t get past Gatekeeper without a user alert — for the moment. If it does manage to install, it will take a screenshot of the user’s screen every 30 seconds, capture photos being synced to the user’s iCloud account, record ambient sound even with the microphone switched off, grab browsing and download history from Chrome and Safari, capture clipboard contents (which often contain passwords) and possibly even log every keystroke the user types in.

“People generally assume when they are using Macs they are relatively safe from malware,” noted a blog post from AlienVault, the California information-security firm that analyzed MacSpy. “This has been a generally true statement, but this belief is becoming less and less true by the day, as evidenced by the increasing diversity in Mac malware.”