Home / Software & Gaming / Security / First ransomware to target Macs spotted in the wild

First ransomware to target Macs spotted in the wild

Even if the idea that Macs don't get viruses is one that lived and died with Justin Long, OS X still skates when it comes to the majority of malware out there. Not always though and a new piece of nasty ransomware that seals up files and folders with demands for Bitcoin, has shown up that goes after Macs specifically.

Ransomware is a malicious type of software that encrypts files and data on a user's system, often displaying a message shortly after that if the affected user pays a Bitcoin ransom to a specific address, they will be sent the decryption key to unlock their files. Although there is no guarantee that the people behind the attack will follow through on their promise, many people pay up any way, making it a very profitable practice.

With that in mind, it's no surprise that someone eventually built a nasty bit of software to do just that on Macs. This one is known as KeRanger and once an end user's machine is infected, it bides its time and waits three days before initiating its encryption attack (as per the Guardian). It even attempts to encrypt Time Machine backups, making it impossible to recover anything without paying.


KeRanger was able to bypass Apple checks by utilising a real developer ID certificate, which Apple has now pulled. The Cupertino company has also updated its XProtect anti-virus to look out for the malware.

In its first big push out into the wild, KeRanger piggybacked installs of the popular Mac torrenting application, Transmission, so if you've downloaded that particular piece of software in the last few days, there's a chance your Mac may be infected. The particular version of the software that unwittingly helped spread the KeRanger malware was version 2.90.

While v2.91 did not include the malware, it did not go so far as to delete it either. The new version does, so users are encouraged to install it.

Discuss on our Facebook page, HERE.

KitGuru Says: If you installed a new version of Transmission in the past few days, it would be worth backing up your most personal files and checking to make sure you aren't infected. Losing important documents and images could be devastating. 

Become a Patron!

Check Also

Group behind recent Nvidia and Microsoft attacks also breached T-Mobile

The LAPSUS$ group made headlines this year after a string of high profile attacks on …