back to article Mac ransomware author is giving away malicious code to script kiddies

Security researchers have discovered a ransomware variant that targets Macs rather than Windows PCs. Although technically inferior to most current ransomware targeting Windows, it still encrypts or prevents access to victim's files, thereby causing real damage, according to researchers at Fortinet. MacRansom uses symmetric …

  1. Your alien overlord - fear me

    Either a very lazy malware writer or someone whose using the Apple store method of taking a third from hard working spam artists.

    1. Steve Davies 3 Silver badge


      Nah. More like, "If 30% is good enough for Apple then it is good enough for me"

    2. Anonymous Coward
      Anonymous Coward

      Or more likely the script kiddies get caught. He / She does not.

    3. Anonymous Coward
      Anonymous Coward

      Given how unsophisticated the average Mac user is

      They could skip the actual encrypting of files, just move them to some obscure directory, and probably get the same payment rate.

      1. Midnight

        Re: Given how unsophisticated the average Mac user is

        A hacker group known as "The Genius Bar" has been engaged in this kind of ransomware-as-a-retail-service for almost sixteen years.

  2. Mike Moyle

    So the owner is franchising... I wonder if he's gone full SpAmway and offered a percentage of profits to his downline from anyone that THEY recruit.

  3. Anonymous Coward
    Anonymous Coward

    The role of the script kiddie is restricted to distributing the nasty using booby-trapped emails or direct installation.

    AFAIK, booby-trapped email doesn't really work on a Mac (unless it's with using Outlook, in which case it would not surprise me at all).

    The author discourages drive-by download attacks

    Again, not a known problem on macOS but I may be mistaken so I'd welcome a link or the name of a nasty that would achieve that. Key to security is separating fact from fiction, yet remain open to new developments.

    1. Anonymous Coward
      Anonymous Coward

      Re: AFAIK

      Glad you don't work for our IT team

      1. Anonymous Coward
        Anonymous Coward

        Re: AFAIK

        Glad you don't work for our IT team

        Facts, facts, facts.

        Which OSX/macOS virus exists (now or past) that would execute as soon as you'd open in Apple Mail?


        1. Anonymous Coward
          Anonymous Coward

          Re: AFAIK

          They're probably meaning something with .doc/.pdf/.whatever, but tested + functional on OSX. There are known PDF exploits (since patched), .zip exploits, etc that work on OSX.

      2. Doug Petrosky 1

        Re: AFAIK

        1) It is true. Macs can be compromized.

        2) This article is out of date and meaningless becasue Xprotect was updated 6/7 to kill these programs.

        So are some mac users a bit too smug about mac vunerabilities? Sure! But can you see why? First you have to be fooled into providing your authentication password and then within days (a week before the press started trying to get click's from screaming the sky is falling). Apple quietly forces out a fix that blocks the software entirely.

        We are smug because we can be.

        1. Anonymous Coward
          Anonymous Coward

          Re: AFAIK

          We are smug because we can be.

          No. There is never an argument for smugness, at best you can argue for feeling relieved that you do not have to spend quite such a large amount of resources on keeping the platform safe, but smugness is ill advised because that suggests a feeling of safety that you are advised to lose ASAP.

          Macs take a lot less effort to keep safe, but you still have to put some effort in, and there is simply no argument for dropping your guard.

          I understand the sentiment you want to express, but it's dangerous. Safer does not equal safe. Even Linux is not immune.

  4. Robert Helpmann??

    Putting the Win in Windows

    The ransomware only encrypts a maximum of 128 files...[and] is being offered through a ransomware-as-a-service delivery model...

    Poor Mac users! They only get some of their files encrypted. Looks as though Windows users get the best service after all.

    Please see icon before sending virtual glares or worse my direction.

  5. Herby

    New acronym... CCaaS

    Cyber Crime as a Service.

    Available here just distribute for me and get paid. Unlimited earning potential. Work from home. Suckers born every minute.

    Oh, and to keep up with current trends... IRS coming soon to knock on your door, and remote fix available. Just pay here.

    Will it never end? I suspect not if money is on the table.

  6. Anonymous Coward
    Anonymous Coward

    Let's see how many of my fellow mactards don't back there shit up and WankCry over this shit.

    Seriously anyone that gets caught by this BS should just have their computers taken off them and a big STUPID tattooed on their face.

    1. wayward4now
      Paris Hilton

      Nor should they be allowed to breed. The human race is already dumber than we know. And, getting dumber.

  7. Brian Miller

    Help for Script Kiddies

    Aw, come on, someone's finally thinking of the children! Just because they're a bunch of malevolent miscreants doesn't mean that someone shouldn't throw them a bone.

    Really, though, there's been malware kits available for some time. The next bot army should have something like Docker, so that the herder can rent time for nefarious calculations.

    Come to think of it, when the robot revolution happens, how many will be infested with malware?

  8. Justin Clift

    > Come to think of it, when the robot revolution happens, how many will be infested with malware?

    It'll probably be malware that either causes, or organises, it.

    Hmmm, "robot revolution" would pretty clearly fit the definition of malware wouldn't it? :D

  9. vinyl1

    How can they do this without the admin password?

    I suppose they might be able to encrypt files the logged in user has R/W access to, but they couldn't encrypt any other files.

    If you run your web browser on a 'nobody' account with no privileges, they couldn't even do that.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like