“A new file-encrypting ransomware program for macOS is being distributed through BitTorrent websites, and users who fall victim to it won’t be able to recover their files, even if they pay,” Lucian Constantin reports for IDG News Service.
“Crypto ransomware programs for macOS are rare. This is the second such threat found in the wild so far, and it’s a poorly designed one,” Constantin reports. “The program was named OSX/Filecoder.E by the malware researchers from antivirus vendor ESET who found it.”
“OSX/Filecoder.E masquerades as a cracking tool for commercial software like Adobe Premiere Pro CC and Microsoft Office for Mac and is being distributed as a BitTorrent download,” Constantin reports. “It is written in Apple’s Swift programming language by what appears to be an inexperienced developer, judging from the many mistakes made in its implementation.”
Read more in the full article here.
MacDailyNews Take: Yeesh. Don’t download software from torrent sites.
Amazing how many assholes there are in the world willing to wreck havoc & cause misery for a few lousy bucks. Predator & prey.
A few lousy bucks! They are making millions!
No actually. The OSX.Ransom.FileCoder.E malware hackers are being surveilled by that anti-malware industry. So far, not one person has given the hackers ANY bitcoins. IOW: Their malware is so far a dud.
It doesn’t help of course that their malware doesn’t actually provide any Earthly way to UNencrypt the data it steals, meaning that there’s no point in handing over bitcoin anyway.
I wouldn’t be surprised if they wrote it.
It’s all relative. Maybe in totality but not individually.
Oh, like in politics!
Indeed.
I think writing code like that in a modern language, will come back to haunt you.
Swift signs the code, I would think, and therefor something that could be traced.
Just my guess – because I don’t really know.
Only if you tell it to (for example because you want to sell the software on the MAS). Plus malware writers can also use fake and stolen developer IDs.
The OSX.Ransom.FileCoder.E is actually signed with a security signature. Except it’s NOT an Apple signature. It’s a fake. OS X will notice and warn the user to NOT install the malware. But we all know about LUSERS…
If that is true, what does that say about Apple’s privacy stance? No conflict?
If you want to participate in the process of executing code you are supposed to submit to this validation process. I don’t think this is a privacy issue. It’s a code of conduct and seal of approval. You can still be anonymous, but forgo the validation.
Well you did say traceable…
Anyway, code is a form of speech, even Apple claimed this for themselves. Conflict deepens….
So a virus or trojan – is an example free speech in the same way as a ransom note or a note the the bank teller who mysteriously begins to hand you cash. I see this needs to be hammered out a bit. Some things need to be protected while others is a crime and punishable. Swift is just the language, by which it’s written. Code signing is just a way to easily show to us illiterate people, we can trust the document presented to us.
Nice attempt, but malware is actually criminal. It involves extortion, damage of property, trespassing, other forms of fraud….
You can’t legally talk to make a drug deal either.
The usual suspects are already citing this as “proof” that MacOS is no more secure than Windows.
http://www.silicon.co.uk/security/cyberwar/new-ransomware-campaign-targets-apple-mac-warns-eset-205954
This particular attack requires somebody to go onto BitTorrent and download software from an anonymous source with the specific intent to steal the intellectual property of commercial software companies by cracking their programs. The victim then needs to ignore any warnings from the OS that the program may be unsafe.
It is extremely unlikely to hit anyone who relies on dependable sources for software. It cannot even _possibly_ affect the average user who only downloads from the Mac App Store and sets his security accordingly.
Notably, most of the “experts” like ESET advising Mac users to install third-party anti-virus software are part of the anti-virus industry.
Malware naming actually has an entirely specific protocol… that nobody uses.
Meanwhile, anyone anywhere can name any malware whatever they like… and they do.
IOW: CHAOS.
OSX/Filecoder.E is actually, formally known as:
OSX.Ransom.FileCoder.E
The ‘E’ at the end means there are, according to someone, 5 variants of this malware and this is the fifth one.
Problem: I collect references for all Mac malware, and there aren’t any references I can find for OSX.Ransom.FileCoder.C or D. Someone forgot to share.
Problem: FileCoder isn’t the only name for this Trojan ransomware. Here are two other names:
KeLogger (apparently .E)
and
FindZip.A (Blame Apple, at least we think Apple is using FindZip.A to refer to FileCoder.E. No one yet knows for sure).
Anyway, Apple just updated their anti-malware system, XProtect, to detect and stop OSX.Trojan.XAgent.A (which has three other spellings), OSX.Trojan.iKitten.A (which is also called OSX.Trojan.MacDownloader.com) and OSX.?.Proton.A. No one so far has published anything about Proton.A, leaving is to wonder what it is.
So kill me, please.
🎃💥🔫
Oh and Apple has thus far forgotten to update their system for checking the version of Adobe Flash installed on Macs. They’re one version behind. That’s dangerous. Naughty Apple! – – IOW: Update Adobe Flash yourself NOW please.
Am I dead yet?
⚰💀👼
My pal Al found documentation about Proton.A here:
SIXGILL Threat Report
PROTON – A New MAC OS RAT 07/02/17
this has already been patched in XProtect..