- A piece of ransomware targeting the Mac has been making the rounds on torrent sites.
- The ransomware disguises itself as an app installer for Little Snitch.
- The software itself isn’t especially sophisticated, but macOS users should, as a general safety rule, refrain from downloading pirated software.
Mac malware doesn’t come along all that often, but when it does it tends to make headlines. The most recent instance of malware targeting Mac users is a piece of ransomware that comes disguised as an installer for the Little Snitch app. The installer link is currently making the rounds on torrent sites and was first noticed on a Russian forum, according to a report from Malwarebytes Labs.
It’s worth noting that the ransomware in question doesn’t appear to be particularly sophisticated compared to some other malware strains we’ve seen spring up in recent years.
“The malware got installed,” Thomas Reed of Malwarebytes notes, “but the attempt to run the Little Snitch installer got hung up indefinitely, until I eventually forced it to quit. Further, the malware didn’t actually start encrypting anything, despite the fact that I let it run for a while with some decoy documents in position as willing victims.”
In order to get the ransomware to start encrypting files, Reed notes that he had to move the time on his system clock ahead by three days, get off his local network, reconnect, and then restart his entire machine a few times in a row. So yeah, this isn’t exactly malware devised with NSA-level precision or sophistication.
What’s more, the encryption process itself wasn’t entirely smooth:
“The malware wasn’t particularly smart about what files it encrypted, however. It appeared to encrypt a number of settings files and other data files, such as the keychain files. This resulted in an error message when logging in post-encryption.”
Almost comically, the malware doesn’t even do a suitable job of alerting users how to pay to decrypt their files:
“Although others have reported that a file is created with instructions on paying the ransom, as well as an alert shown, and even text-to-speech used to inform the user they have been infected with ransomware, I was unable to duplicate any of these, despite waiting quite a while for the ransomware to finish.”
Ransomware can be particularly insidious and damaging, but this piece of ransomware thankfully isn’t as potent as it could otherwise be. Still, it’s not something you want on your computer by any means. The main takeaway, even though it should be obvious at this point, is that you should stay as far away from torrent sites as you can. It’s 2020, and there’s no reason in this age of streaming for anyone to put their machine at risk so they can download movies and applications. As a final point, it’s always good practice to keep a backup of all your important files on the off-chance you click on a malicious link or your machine just happens to spontaneously die on you.
Incidentally, this is the first piece of Mac ransomware we’ve seen in years. In fact, the first piece of ransomware targeting Mac users didn’t even surface until 2016.