"Apple has since revoked the abused certificate, and Gatekeeper will now block the malicious installers."Īpple has also added the ransomware signatures to XProtect, a basic OS X anti-malware feature, while the Transmission Project removed the Trojanized installers from its website March 5, the researchers add. "We reported the issue to the Transmission Project and to Apple immediately after we identified it," the researchers add.
But because the malicious "Transmission.app" was signed with a legitimate Apple developer certificate, the software wouldn't have tripped the Apple operating system's Gatekeeper defense, which by default prevents unsigned applications from being installed, the Palo Alto researchers say.
The malware requires users to allow it to be installed. The ransomware, which they've dubbed "KeRanger," first appeared March 4, disguised as an RTF document inside installers for a popular, open source BitTorrent client called Transmission, Palo Alto researchers Claud Xiao and Jin Chen write in a March 6 blog post.
The first case of fully functional ransomware designed to infect and forcibly encrypt Apple OS X systems has been discovered in the wild, researchers at security vendor Palo Alto Networks warn.