SecureMac, Inc.

Darkweb Hackers Begin Offering Functional Mac Malware and Ransomware as a Service

June 29, 2017

With the popularity of both ransomware and the creation of macOS malware on the rise with hackers, Apple users face a growing number of threats. It now appears that others have turned their attention to the creation of new malware to spy on Mac users, but these programmers have gone a step further. Rather than developing a tool and deploying it personally, they have taken to the dark web to offer their products for sale. The two programs are known as MacSpy and MacRansom, and the hackers provide the malware to users while operating a centralized web portal. The authors’ continued involvement is why this threat is often called malware- or “ransomware-as-a-service.”

Both MacSpy and MacRansom are free in their basic forms, with more advanced capabilities requiring an unknown payment. The free nature of the software means we could see threats developing from these programs in short order. Both seem robust and fully featured. MacSpy, for example, is classic spyware: it runs a keylogger, takes screenshots, and searches for all kinds of personal data to steal. MacRansom uses a unique encryption method that makes it functionally difficult to recover files after locking, and seems to run rapidly.

The free version of MacRansom limits the number of files it will encrypt, so it is at least not as threatening as other forms of ransomware. However, we can safely assume the “full” version of MacRansom would rapidly encrypt all of a user’s files. The demanded ransom of 0.25 bitcoins would currently translate to about $600 to $700. Whether the ransomware-as-a-service providers would keep a portion of that as a fee is unknown.

Similarly unknown is how this malware can spread. At present, it has no way to spread on its own, so purchasers will need to develop their own deployment methods. The availability of these programs serves as a good reminder to avoid strange attachments and to be cautious of downloads on the web. While we will have to keep a close eye on this development, the current impact of MacSpy and MacRansom is hard to gauge.

What is clear, though, is that more malware authors are turning their attention to Apple products. These malware authors specifically point out the lack of macOS malware as a motivation for writing these programs. We can expect that mentality to continue to grow. For now, the best protection is the same as always: create regular backups and scan actively with anti-malware software.
