Ransomware is a growing risk on Macs

Ransomware in particular and malware in general have long been seen by consumers, device makers and members of the cyber security community as threats that predominantly target Microsoft Windows-based PCs. This view is understandable.

Through the first quarter of 2016, Apple had only 7.4 percent global market share in PCs, according to IDC. While this number represents years of growth in Mac sales, it is still small compared to the number of Windows machines shipped by all other manufacturers. Even after setting aside the specific platform differences between Windows and macOS, there are simply far more PCs than Macs out there, making the former into more appealing targets of cyber attacks.

However, this does not mean that Macs are immune to malware. On the contrary, the recent rise in Mac market share as well as the growing synergy between macOS and iOS (the operating system of iPhones and iPads) has inspired a new wave of Mac-centric attacks. Let’s look at how ransomware has been a particularly active frontier for the energies of today’s cybercriminals.

Bad Transmission: How a torrent client revealed the Mac’s vulnerability to ransomware

Ever since the Mac App Store launched with OS X Snow Leopard in 2009, Mac owners have had several options for installing programs to their computers. They can restrict themselves to apps from the Mac App Store (all of which are prescreened by Apple), use that store plus any applications they get from around the internet that are made by Apple-identified developers or just download anything. The latter is the riskiest, but there is danger even from the second option, as the case of Transmission demonstrates.

Transmission is a popular open source torrenting client for Mac. Somehow, its website – from which anyone can download the app – was compromised briefly in early 2016, allowing a virus to be packaged with Transmission. Once downloaded, the virus would lie dormant for three days before opening a Tor connection to the internet, locking essential system files and demanding a ransom of 1 bitcoin (about $400).

Granted, the circumstances surrounding the Transmission incident are not easily replicable or even conducive to widespread exploitation across the macOS ecosystem. The exploit was not as simple as blasting out a bunch of phishing emails, but instead required end users to download the app at a specific time and actually run the program so that the virus could activate via Transmission’s features.

Cyber security lessons from the Transmission breach

The ultimate impact of the Transmission virus was limited. However, the event holds some important lessons for both Mac, PC and mobile users:

1. Don’t assume your platform is safe
A compromised torrent client should not have needed to be the security wake-up call for Mac users. Many past threats have demonstrated the risk to macOS, from the FAKEAV scam (which packaged malware under a variety of names such as MacSweeper and MacProtector) to the Flashback family of Trojans that targeted weakness in Java and Adobe Flash Player. Both of these were documented years ago by Trend Micro.

2. It is getting easier for threats to go cross-platform
According to Intel security research architect Craig Schmugar (who recently spoke to eSecurity Planet), cyber criminals are now sharing the source code for their malware, making it easier than ever for threats to migrate from PC to Mac. Compared to PC malware, Mac variants are still relatively simple, but with the right mix of design and delivery, they can inflict harm, as the Transmission flaw revealed.

3. Ransomware and executable files are especially problematic
There are plenty of ways for a Mac to get infected with malware. However, two of the most common as of 2016 are ransomware and any executable files that have been tampered with. DMG, PKG and AppleScript files are all worth keeping an eye on. Ransomware issues with Transmission and KeRanger demonstrate that it is possible to take a Mac’s file “hostage” and demand payment for their safe return.

Like any computing platform, macOS has its fair share of vulnerabilities to cyber crime. Don’t leave your Mac’s security to chance. Invest in security software today.

Leave a Reply

Your email address will not be published.