Ransomware is a type of malware that encrypts files on a computer and then extorts users by demanding money for decryption keys. Early last month, security researchers discovered what is believed to be the first-ever proof-of-concept (PoC) ransomware code targeting Mac OS X. After analyzing the code, which was posted to an online forum, researchers from Mac security firm Intego determined that it is not a viable threat.
“All we have here is something that can lock access to the computer,” Peter James, spokesman at Intego, told SCMagazineUS.com on Tuesday. “It would need some way to get installed and, for now, that's not available.”
The PoC was actually created with code that was provided by Apple as part of its developer software, James said. Apple includes an API in its developer technology that can be used to create a tool called a “kiosk,” which locks a user into an application or disables certain operating system functionality. The PoC does not encrypt files, but launches an application that implements the kiosk tool and locks the user's computer.
“It blocks the computer and you can't do anything more until you enter a code or password,” James said.
This PoC does not pose a serious threat, but its emergence should serve as a warning that malware writers are focusing their efforts on the Mac platform, James said. It currently does not have a way to get installed, but any trojan could be re-engineered to include this code and effectively deliver the payload.
Members of the Mac security community have obtained copies of the code so they can create protections against the emergence of this threat in the wild, Methusela Cebrian Ferrer, a threat researcher based in Melbourne, Australia, said in a blog post Tuesday.
Meanwhile, ransomware trojans have been a serious problem for Windows users for several years, Mikko Hyppönen, chief research officer at anti-virus firm F-Secure, told SCMagazineUS.com on Tuesday.
Researchers at F-Secure previously infiltrated a cybercriminal network and found that some attackers are making tens to hundreds of thousands of dollars a month using the malware, Hyppönen said.
“They are really profitable for attackers,” Hyppönen said.
Mac users should “absolutely” be aware of this potential threat, he added.
“Mac users generally assume security problems don't apply to them,” Hyppönen said. “That might just be the problem itself. So when there's something relevant, the user might not be as well prepared.”