First functional ransomware Trojan discovered for Mac
March 2016 by F-Secure
Mac users are no longer safe and sound without proper protection. The newly discovered Keranger seems to be the first fully functional ransomware Trojan for the Mac platform. Ransomware is one of the most common threats on Windows computers, and Keranger brings the same functionality to the Mac.
Files on the computer are encrypted with a strong encryption algorithm, and the malware contains a payment process enabling the victim to purchase decryption for 1 Bitcoin (currently about 370 €). A special feature of Keranger is that it is embedded in the Transmission BitTorrent client, which is signed with a valid developer certificate. This causes the system to consider it safe and allow installation.
It is unclear how Keranger has been able to infect the product. Another special feature is a 3-day delay before the ransomware strikes. The objective was apparently to allow enough users to download the trojanized version before its hidden payload became known. F-Secure triggers a generic detection on Keranger because of a commonly used software module. Users are encouraged not to install Transmission 2.90 and to upgrade to version 2.92 immediately if 2.90 has been installed.
Whether this is only the first door that has opened Mac to other vulnerabilities remains to be seen. F-Secure Labs continues to monitor the situation.