

If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system.
On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this ransomware “KeRanger.” The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site. Transmission is an open source project. It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred. The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection.
