Research

Mac Ransomware

Written by Reflare Research Team | Mar 9, 2016 9:36:00 AM

Considering the highly developed nature of Mac OS and its users’ tendencies when updating, it is not surprising that malware attacks are usually less frequent than for other platforms. But that doesn‘t mean that this type of attack doesn’t happen.

First Published 9th March 2016

Ransomware attacks on Mac OS operating systems are now a thing.

3 min read  |  Reflare Research Team

A decade ago, owning a Mac protected you from almost all malware. In the last several years, Apple has gained market share in the desktop and mobile markets, which makes them more visible to hackers. This week, we saw the first ransomware attack on the Mac OS X operating system.

The malware was embedded in a common BitTorrent client named Transmission. What makes this hack interesting is that the hackers were even able to sign the malware with Transmission's certificate, which stopped it from being flagged as untrusted. Security experts suggest that an internal workstation for the company was likely compromised to get access to the security signing certificate.

Transmission was able to roll back the changes quickly, but a couple of thousand machines are likely to already have been infected before the breach was caught. Because of OS X's increasing market share, Mac users should be more alert and cautious when downloading software. Hackers will likely continue targeting OS X machines as they continue to be more prominent as workstation machines for individuals and corporations.

Unrelatedly, Apple continues to fight the FBI on requests to unlock an iPhone owned by one of the San Bernardino shooters. Encryption on the iPhone is virtually unbreakable. A new video was released that showed a workaround to the locked screen. By asking Siri a question, the video showed that the lock screen could be bypassed. It is questionable if it works with all iOS versions, but it was confirmed to work with iOS 9.

If hackers are able to bypass the lock screen with something as simple as a Siri command, it is likely breakable through other means. Hackers will attempt to find ways to bypass the screen using software methods.

The FBI continues to fight Apple on requests to unlock the San Bernardino shooter's iPhone, which it claims it cannot do. The iPhone has the ability to lock a phone should too many attempts be made on the passcode. This means the FBI cannot brute force the passcode without possibly losing the data stored on it.