For several days, ransomware was bundled into the installer of a Mac app. People who downloaded Transmission, an open-source BitTorrent client that had not been updated for two years, also got the KeRanger ransomware, which waits three days after installation before it locks and encrypts files.
It appears that the criminals somehow obtained and misused a valid Mac developer certificate, which let the ransomware get past Apple's Gatekeeper, the code-signing check that runs on every Mac. Gatekeeper verifies only that an app carries a valid signature from an Apple-issued developer certificate; it does not judge whether the developer behind that certificate is the one you expect, so a stolen or fraudulently obtained certificate is enough until Apple revokes it.
There are three major security points that need to be remembered:
- Yes, Macs CAN get hit with malware. The number of potentially infected Macs is small compared with the Windows PC population, but the point is both psychological and operational: Mac users need to realize that a sleek device designed by Steve Jobs does not make them invulnerable, and they should take the same operational precautions Windows users do, such as keeping offline backups, applying updates, and installing software only from sources they trust.
- Ransomware is going multiplatform. We now have ransomware samples written specifically for each of the big three operating systems: Android, OS X, and Windows. So far we have not seen a single sample that runs on all of them at once, but that may be next, since several languages and runtimes execute on more than one platform. 2016 is really looking like the year of ransomware.
- Look out for the Achilles' certificate. Certificates have been abused in several different ways over the years. Criminals who want their malware on a platform like OS X will eventually find a way around its security policies; in this case a misused developer certificate let the ransomware run as a valid application on the Mac. Certificates are misused by everyday Trojans on Windows as well. Overall, the certificate system is an Achilles' heel for IT security: a valid signature proves only that someone holding a trusted key signed the code, not that the code is safe, and the main remedy, revoking the certificate, only takes effect after the abuse has been noticed.
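The check a Mac user can run on a downloaded app, as an added example that is not part of the original post: it performs the same signature verification and Gatekeeper assessment described above and then prints the signing identity, which is the only thing the certificate actually attests to (the point of the third item). It assumes macOS with the standard codesign and spctl tools; the default path /Applications/Transmission.app is an assumption, not a path taken from the article.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumes macOS: codesign and spctl ship with the system. On any other OS the
# check reports "cannot check" (exit 2) rather than pretending the app is fine.

check_app_signature() {
    app="$1"
    # Tools exist only on macOS; 2 lets a caller tell "cannot check" from "failed".
    command -v codesign >/dev/null 2>&1 || return 2
    command -v spctl >/dev/null 2>&1 || return 2
    [ -e "$app" ] || return 1

    # 1. Is the signature intact, i.e. no file inside the bundle was altered after signing?
    codesign --verify --deep --strict "$app" 2>/dev/null || return 1

    # 2. Would Gatekeeper let it run? This starts failing once Apple revokes the
    #    certificate, which is exactly what happened after the KeRanger abuse.
    spctl --assess --type execute "$app" 2>/dev/null || return 1

    # 3. Who signed it? Print the certificate chain and Team ID so a human can compare
    #    them with the Team ID the developer publishes. A passing check proves only that
    #    the holder of some valid developer key signed the bundle, not that it is the
    #    developer you expect. codesign writes this information to stderr.
    codesign -dvv "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
    return 0
}

main() {
    app="${1:-/Applications/Transmission.app}"   # default path is an assumption
    check_app_signature "$app"
    rc=$?
    case "$rc" in
        0) echo "OK: signature intact and Gatekeeper assessment passed for $app" ;;
        1) echo "FAIL: $app is missing, tampered, unsigned, or its certificate was revoked" ;;
        2) echo "SKIP: codesign/spctl not available (not macOS)" ;;
    esac
    return "$rc"
}

# Run only when a path is given on the command line, so the file can also be sourced.
if [ -n "${1:-}" ]; then
    main "$@"
fi
```

Run it as `sh check_app.sh /Applications/Transmission.app` right after downloading. The decisive output is the TeamIdentifier line: a bundle that passes steps 1 and 2 but shows a Team ID other than the one the project publishes is the exact situation described above, a valid signature from the wrong developer.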