Mac users were rocked on Sunday by a malware alert. For the first time, ransomware for the Mac has appeared ‘in the wild’. In this article you can read what risks you run and how you can protect yourself.
The malware was found hiding in some (not all) installers of version 2.90 of Transmission for Mac, one of the most widely used BitTorrent programs on the Mac.
What is ransomware?
Ransomware blocks access to files on your computer. Only after payment do you get the key to use the files again. This can be very annoying when it concerns unique documents with important information, such as a thesis or report you have been working on for weeks. The ransomware found in Transmission is called KeRanger.
This way of making money has existed for longer on Windows. On the Mac it is the first time that ransomware is known on such a wide scale, though we do not yet know for sure how many people are actually affected. The harmful effects of the malware are only noticeable from Monday, March 7th.
Apple protects you against malware through XProtect and Gatekeeper. Transmission has released the secure version 2.92.
What does KeRanger do?
Some installers of version 2.90 of Transmission are infected with KeRanger. If you install an infected update, KeRanger will encrypt virtually all data on the disks of your Mac within 3 days. You will then receive a message with a link to pay the ransom of 1 bitcoin (about $400). After payment you will receive a code to unlock the files on your Mac again.
When you run no risk
In the following situations you run no risk of infection by KeRanger:
- You are not using Transmission. In this case there is no risk of infection.
- You are still using version 2.84 of Transmission. This is an older version that you can continue to use. You can also update to the secure version 2.92, which is now available.
- You installed version 2.90 of Transmission before Friday, March 4, 2016. In that case you used a non-infected installer and there is nothing to worry about.
- You are already using version 2.92 of Transmission. In that case you run no risk, even if you had version 2.90 in the interim. The safe version 2.92 also removes all KeRanger malware.
How does KeRanger work?
The security experts of Palo Alto Networks have published a detailed explanation on their website of how KeRanger proceeds. The malware uses a valid, signed Mac Developer certificate, allowing it to bypass the security of Apple’s Gatekeeper. Apple has since revoked this specific certificate, so KeRanger can no longer cause any damage.
The infected Transmission 2.90 installer could be recognized by an additional General.rtf file that looked like a plain text file. However, it turned out to be an executable file in Mach-O format. The user did not notice this. After installation KeRanger stays quiet for three days and then comes into action. The malware was created on March 4, so KeRanger will be active from Monday, March 7th. The malware will then start encrypting files on the hard drive of your Mac.
Who is at risk of a KeRanger infection?
The chance that you are infected with KeRanger is quite small. You must have installed version 2.90 of Transmission between 11:00 PST on March 4 and 7:00 pm PST on March 5. This means between Friday, March 4th, 20:00 Dutch time and Saturday 16:00 Dutch time.
This also means that people who installed the Transmission update immediately when we reported on it a week ago run no risk.
The infected update was distributed through the Transmission website. It is still unclear how the attackers were able to combine the KeRanger malware with an official update. Possibly Transmission was the victim of a hack, so that the attackers could create a tampered installer.
Can I safely update Transmission now?
You can currently update safely using the installer found on the Transmission website. The developers have removed the infected installer and replaced it with the secure version 2.92.
Removing KeRanger from the Mac: how does it work?
If you updated Transmission between Friday evening and Saturday afternoon and are afraid that you are infected, you need to install Transmission 2.92 as soon as possible. Do this before KeRanger becomes active on your Mac. Version 2.92 of Transmission automatically searches for the KeRanger malware and removes it.
To see if your Mac is infected, you should take the following steps.
- Use Terminal or Finder to see if either of these files is present on your Mac:
/Applications/Transmission.app/Contents/Resources/General.rtf
or
/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
If this file is present, you need to remove Transmission from your Mac immediately or update to the latest version.
- Use Activity Monitor on your Mac to see if the following process is active:
kernel_service
Double-click on it and look for:
/Users/<username>/Library/kernel_service
Quit this process.
- Check whether the following files are present in the ~/Library folder:
.kernel_pid, .kernel_time, .kernel_complete and kernel_service
If so, delete these files.
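The checks above, together with the earlier point that General.rtf is really a Mach-O executable, can be scripted in Terminal. This is an added example, not code from Transmission, Apple or Palo Alto Networks; the function names and the "scan" argument are made up for illustration, and the script only reports what it finds without deleting anything.

```shell
#!/bin/sh
# Added example: read-only check for the KeRanger indicators named in this article.

# True if the file begins with a Mach-O or universal-binary magic number,
# whatever its extension claims. A real RTF file begins with "{\rtf".
is_macho() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        cffaedfe|cefaedfe|feedfacf|feedface|cafebabe) return 0 ;;
        *) return 1 ;;
    esac
}

# keranger_scan ROOT HOME_DIR
# Prints every file indicator found; the exit status is the number found.
keranger_scan() {
    root=${1%/}; home=$2; hits=0
    for f in \
        "$root/Applications/Transmission.app/Contents/Resources/General.rtf" \
        "$root/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf"
    do
        [ -e "$f" ] || continue
        hits=$((hits + 1))
        if is_macho "$f"; then
            echo "FOUND $f (Mach-O executable posing as RTF)"
        else
            echo "FOUND $f (not Mach-O, inspect it by hand)"
        fi
    done
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        if [ -e "$home/Library/$name" ]; then
            hits=$((hits + 1))
            echo "FOUND $home/Library/$name"
        fi
    done
    return "$hits"
}

# Run as "sh check.sh scan" to examine the real system.
if [ "${1:-}" = "scan" ]; then
    keranger_scan / "$HOME" || echo "file indicators found: $?"
    if pgrep -x kernel_service >/dev/null 2>&1; then
        echo "FOUND running process kernel_service"
    fi
fi
```

An exit status of 0 from keranger_scan means none of the listed files were found.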
See the Palo Alto Networks website for more instructions if you are affected. However, the risk of infection is small. You only need to read the instructions if one of the above files or processes is present on your Mac. At the beginning of this article we explained the situations in which you do not have to worry.