When this object is automatically launched, it harvests machine-specific details and transmits these identifiers to the Command and Control server via Tor. Once the KeRanger ransomware ends up inside a Mac, it adds an executable disguised as ‘General.rtf’ file. Thankfully, the cert has now been blacklisted, so Gatekeeper is flagging the corrupt setups. The reason why the Gatekeeper solution failed to block these downloads is because the app featured a valid developer certificate, so the defenses simply didn’t identify the hazard on the initial stage. Obviously, the aforementioned vendor’s site had suffered a hack incident therefore the perpetrators were able to covertly substitute the original DMG file installer with an altered one carrying the harmful drive-by. At this point, the developer has put up a warning on their website with a recommendation to urgently upgrade to 2.92, which is a malware-free edition. The version of Transmission that’s unsafe is 2.90. The success of malicious payload serving is backed by the popularity of the latter application with Mac customers. The recently discovered infection called KeRanger is reportedly propagating over a mutilated downloader of the Transmission BitTorrent Client. It turned out these predictions weren’t too far off the actual state of things. In fact, a few months ago a JavaScript based crypto plague called Ransom32 emerged, which caused serious concerns in the expert circles because it could potentially run on platforms other than Windows. The worst nightmare of the Mac user community has come true as the first Mac ransomware campaign commenced last weekend. Remove KeRanger, the first known ransomware crafted for Mac OS X, learn how to avoid this assault and restore the files encrypted by this infection.
0 Comments
Leave a Reply. |