Researchers have discovered a new Mac ransomware circulating on a Russian torrenting forum, disguised as a Little Snitch installer.

Popular among torrenters, Little Snitch is a legitimate Mac application that allows users to monitor and filter network traffic – but in this case is being used as a front for a ransomware attack.

The fake installer is described as “attractively and professionally packaged”, and attempts to disguise its malware payload behind a legitimate Little Snitch installation. It also uses filenames that would not look out of place on activity logs at first inspection.

According to security firm Malwarebytes, the Mac malware is the first of its kind to be discovered in four years – and is only the fourth to be identified in the history of the operating system.

Mac malware

Although the fake installer is said to be convincing, the malware itself exhibits a number of eccentricities that inhibit its effectiveness.

For example, upon installation, the Mac malware failed to begin encrypting files, despite researchers allowing it to run for a significant amount of time. The malware only began to encrypt data after the system clock was meddled with and the computer restarted multiple times.

The malware is also not particularly stealthy, encrypting settings-related files that generate error messages and alter the appearance of the desktop when tampered with, alerting the user to the infection.

While some victims found the malware created a file containing instructions for paying the ransom, as well as generating a pop-up alert, researchers were unable to replicate these findings.

Although this particular Mac malware is somewhat clumsy in its execution, users will still want to avoid infection – especially as a decryption procedure is yet to be established.

“The best way of avoiding the consequences of ransomware is to maintain a good set of backups,” advised Thomas Reed, Director of Mac and Mobile and Malwarebytes.

“Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times (ransomware may try to encrypt or damage backups on connected drives).”

Source Article