New Mac ransomware discovered for the first time in four years


Researchers have discovered a new Mac ransomware circulating on a Russian torrenting forum, disguised as a Little Snitch installer.

Popular among torrenters, Little Snitch is a legitimate Mac application that allows users to monitor and filter network traffic - but in this case is being used as a front for a ransomware attack.

The fake installer is described as “attractively and professionally packaged”, and attempts to disguise its malware payload behind a genuine Little Snitch installation. It also uses filenames that would not look out of place on activity logs at first inspection.

According to security firm Malwarebytes, the Mac malware is the first of its kind to be discovered in four years - and is only the fourth to be identified in the history of the operating system.

Mac malware

Although the fake installer is said to be convincing, the malware itself exhibits a number of eccentricities that inhibit its effectiveness.

For example, upon installation, the Mac malware failed to begin encrypting files, despite researchers allowing it to run for a significant amount of time. The malware only began to encrypt data after the system clock was meddled with and the computer restarted multiple times.

The malware is also not particularly stealthy, encrypting settings-related files that generate error messages and alter the appearance of the desktop when tampered with, alerting the user to the infection.

While some victims found the malware created a file containing instructions for paying the ransom, as well as generating a pop-up alert, researchers were unable to replicate these findings.

Although this particular Mac malware is somewhat clumsy in its execution, users will still want to avoid infection - especially as a decryption procedure is yet to be established.

“The best way of avoiding the consequences of ransomware is to maintain a good set of backups,” advised Thomas Reed, Director of Mac and Mobile at Malwarebytes.

“Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times (ransomware may try to encrypt or damage backups on connected drives).”

Joel Khalili
News and Features Editor
