Security researchers are warning Mac users of fresh malware variants created specifically to target Apple computers.
Although experts have termed the malware “far inferior” than the WannaCry ransomware attack that infected millions of Windows PC last month, it can cause “real damage” as it encrypts victim’s files and can retrieve personal information.
The malware were discovered by the security firm Fortinet and AlienVault on a portal, presented as a shopfront on “dark web” network. In a blogpost, Fortinet revealed that the creators behind the attacks are “engineers at Yahoo and Facebook with extensive experience in software development.”
Fortinet says that the program is for those who want to covertly retaliates another Mac user or earn easy money from friends and family.
On the portal on dark web, the creators urged those willing to use the program to get in touch and provide details of how they wanted the malware to set up. To dig out more, Fortinet pretended themselves as buyers and soon received a malware sample from the creators.
“Observing the time of the responses, it gave us a hint that the author might be in a different time zone since the reply came back late at night,” Forinet wrote on its blogpost.
In their analysis, Fortinet uncovered four features of the malware. First, the malware is completely invisible to typical Mac users until scheduled execution time; Second, once installed they will be no digital trace that can be associated with you. It can be configured to run at any time in the future or when another person plugs in an external drive; third, 128-bit industrial standard encryption algorithm leaves the target no option but to purchase decryption software, and lastly, the target’s entire home directory will be encrypted in under a minute.
“A typical 2015 13-inch 256GB MacBook Pro with 50GB free space will take at most 1 minute to be encrypted. It will be slower on older and less powerful Macs,” Fortinet said.
The malware can be targeted to ask for an infinite amount, but with a condition— to split payments made by ransomware victims— demanded by creators. “Each program will be associated with a unique Bitcoin address. Once we received the payment, we will send 70 per cent of it to yours (customers) Bitcoin address and we keep the remaining 30 per cent.”
According to a statistics report by MCAfee, there are about 450,000 malware targeting Apple computers, far less than 23 million malicious programs targeting windows. Still, experts are warning Mac users to be extra cautious now.
“OS X continues to grow in market share and we can expect malware authors to invest greater amounts of time in producing malware for this platform, AlienVault researcher Peter Ewane wrote in a blogpost.
