The bad news for the victims is that they will not be able to recover their files, even if they pay the ransom.
MacOS ransomware is not common in the threat landscape, this is the second such malware discovered by the security experts after the researchers spotted the Keranger threat in March 2016.
The OSX/Filecoder.E MacOS ransomware masquerades itself as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac. The fake cracking tool is being distributed as a bittorrent download.
The malware researchers noted that the ransomware is written in Apple’s Swift programming language and it appears to be the result of the work of a novice Vxer.
The MacOS ransomware is hard to install on the last OS X and MacOS versions because the installer is not signed with a developer certificate issued by Apple.
The OSX/Filecoder.E MacOS ransomware generates a single encryption key for all files and then stores the files in encrypted zip archives. Unfortunately, the malicious code is not able to send the encryption key to the C&C server before being destroyed, this makes impossible the file decryption.
The experts highlighted that implementation of the encryption process is effective and makes impossible to crack it.
“There is one big problem with this ransomware: it doesn’t have any code to communicate with any C&C server. This means that there is no way the key that was used to encrypt the files can be sent to the malware operators.” continues the analysis.
“The random ZIP password is generated with arc4random_uniform which is considered a secure random number generator,” “The key is also too long to brute force in a reasonable amount of time.”
At the time I was writing, the monitoring to the bitcoin wallet address used to receive the payment of the victims revealed that none has paid the ransom.
Experts believe that the crooks behind OSX/Filecoder. E are likely interested in scamming the victims instead of managing a botnet.
“This new crypto-ransomware, designed specifically for macOS, is surely not a masterpiece. Unfortunately, it’s still effective enough to prevent the victims accessing their own files and could cause serious damage.” closed the analysis.
[adrotate banner=”9″]
(Security Affairs – OSX/Filecoder.E MAC OS ransomware, Apple)
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.