Apple blocks ransomware attack against Mac users

Security researchers working for Apple have, for the first time ever, blocked a cyber attack aimed at Mac users. The attack was planned through file-encrypting malware called “KeRanger”, which was wrapped into Transmission, a free Mac BitTorrent client.

After successfully implanting the ransomware, the attackers were planning to infect with KeRanger all Mac users who visited the website.

So, Apple immediately blocked the file-encrypting software and also posted a notice on its Transmission website that everyone who downloaded version 2.90 of the client should immediately upgrade to version 2.92.

It was unclear how the hackers managed to break into the servers of Transmission’s official website and replace the original files with recompiled malicious versions. What’s more astonishing is that the tampered version of Transmission was signed with a legitimate Apple developer’s certificate. So, if a Mac user’s settings allow downloads from identified Apple developers, that user may not see a warning from Apple’s Gatekeeper that the application could be dangerous.

On Friday last week, Palo Alto Networks notified Apple about the ransomware’s presence in Transmission, and Apple immediately responded by revoking the certificate and updating its XProtect antivirus engine.

According to some sources from Palo Alto, KeRanger incubates for three days after installation before connecting to a remote command and control server over Tor. It is coded to encrypt more than 268 types of files. As soon as the files are encrypted, a ransom of 1 bitcoin, or $404, is demanded.

KeRanger also appears to try to encrypt files on Apple’s Time Machine, which is Apple’s consumer backup drive.

Apple has officially announced that the impact of the ransomware was nullified in time, all thanks to the alert issued by Palo Alto, an enterprise-level security firewall provider.

