Two New Macintosh Malware Threats Have Been Identified

Macintosh users have another cyber threat to worry about. It seems cybercriminals have taken a liking to exploit MacOS vulnerabilities these past few months. Two new strains of Mac OS X malware have been discovered, both of which are distributed through malware-as-a-service products on the darknet. One strain is a ransomware variant, whereas the other seems to spy on users in order to obtain sensitive information and login credentials.

Two New Macintosh Threats With Dire Consequences

These two new malware strains have quite some interesting aspects, to say the least. First of all, there is MacRansom, which is an obvious ransomware product. It can be found on the darknet in the form of a ransomware-as-a-service scheme, which means anyone can distribute the malware to Macintosh users all over the world. Even though this sounds quite appealing, it has become apparent there is still some work to be done before this malware can become dangerous.

To be more specific, the MacRansom service requires the developer to manually approve all clients and negotiate fees. Moreover, all ransomware samples are built manually, rather than automatically. This makes the service far less appealing compared to other ransom-as-a-service products on the darknet these days. In fact, one could argue this ruins the entire concept of ransomware-as-a-service, since there is no automation whatsoever.

To make matters even worse, MacRansom’s encryption keys are included in the source code. However, there are two encryption keys associated with the ransomware code, and one of the keys is lost once the encryption process is completed. It is also impossible to have files decrypted, as MacRansom uses no command & control server, which is quite odd. Plus, there is no payment page, but rather a request to victims to contact the author directly via email. All things considered, this is quite sloppy, and anything but professional.

The same flaws apply to MacSpy, the spyware component offered by the same developers. It is evident this type of malware has received even less attention, as the source code seems to be a copy of the information found on Stack Overflow. Additionally, the spyware payload is not digitally signed, which means security alerts will be triggered once it is running. This could have been easily avoided by the developers, but for some reason, they decided not to pursue this option.

All of this seems to hint at two types of Macintosh malware which may appear to be harmless. That is not the case, though, as MacSpy and MacRansom can inflict quite a bit of damage to users all over the world. Especially the ransomware strain is quite disconcerting, as paying the ransom will not result in the files getting decrypted. It does not appear there is a decryption tool available either, which creates a very odd situation.

Luckily, it does not appear MacSpy and MacRansom are actively distributed right now. It is only a matter of time until this happens, though, and it will be interesting to see if the developers come up with improved versions of both. It is impossible to deny the Mac malware market is expanding, which does not bode well for Apple users all over the world. It remains to be seen if this “market” will be profitable, though.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.