
Beware of hackers exploiting iTunes to plant ransomware

As Apple moves its computers over to MacOS Catalina, the company has sidelined one of its oldest programs: iTunes.

Once the hub for all media on Macs, the program was recently split into three separate apps with all of the features and none of the bloat — but the story is different with iTunes on Windows 10. There, Apple has chosen to leave the program as-is, with only occasional software patches and bug fixes to keep it running.

This neglect led to a zero-day flaw in the software, and now hackers are using it to extort Windows users.

Ransomware targets major exploit found in iTunes for Windows 10

According to reports from ZDNet, researchers at cybersecurity firm Morphisec have discovered a zero-day flaw in iTunes for Windows that hackers have already started exploiting to deliver ransomware. Their discovery places the blame squarely on BitPaymer, a hacking group responsible for major ransomware attacks on Scottish hospitals in 2017 and several automotive companies in 2018.

 


Morphisec claims the hackers are targeting a flaw found in Bonjour, a software component that comes bundled with iTunes and iCloud for Windows 10. Bonjour is designed to allow easy communication between Apple and Microsoft products on the same network, and hijacking it gives hackers a pathway straight to the heart of your computer system.

Once inside, the hacking group deploys their BitPaymer ransomware, which encrypts the files on your computer and demands a bitcoin payment in exchange for release.

Since the discovery, Morphisec has reported the zero-day to Apple, and in response the company has released updates for iTunes and iCloud for Windows that patch the flaw.

How can I protect my PC from ransomware?

Because the exploit relies on Bonjour, updating iTunes or iCloud on your PC won’t be enough to completely protect yourself. You’ll need to uninstall iTunes, iCloud or both, then download the programs again from scratch. The new versions Apple released include an updated version of Bonjour that’s free from the security flaw.

Here’s how you can uninstall these programs:

  • Click the Windows icon on the bottom left corner of the Start Menu.
  • Scroll down to “S” and click on “Settings.”
  • Click on “Apps.”
  • Locate iTunes and/or iCloud and click their icon. Click “Uninstall” to continue.
  • If prompted to restart, select “Restart later.”
  • Locate and uninstall the following programs from this menu as well, in this order:
    • Apple Software Update
    • Apple Mobile Device Support
    • Bonjour
    • Apple Application Support (64 bit)
    • Apple Application Support (32 bit)
  • Then restart your computer.
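
If you are comfortable with PowerShell, the script below is an added example (not part of the original article and not an Apple or Morphisec tool) that checks whether any of the components listed above are still installed after you finish the steps. It assumes the programs were installed with the standard desktop installers, which register themselves under the Windows "Uninstall" registry keys, and that the Bonjour service has a display name beginning with "Bonjour".

```powershell
# Added example: report Apple components that remain after the uninstall steps.
# Component names are taken from the list in this article.
# Assumption: they were installed by desktop installers that register under
# the standard per-machine Uninstall registry keys (64-bit and 32-bit views).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Wildcard patterns matched against each entry's DisplayName.
$patterns = @(
    'iTunes*',
    'iCloud*',
    'Apple Software Update*',
    'Apple Mobile Device Support*',
    'Bonjour*',
    'Apple Application Support*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        # Keep the entry only if it has a name that matches one of the patterns.
        $name -and ($patterns | Where-Object { $name -like $_ })
    } |
    Select-Object DisplayName, DisplayVersion, Publisher |
    Sort-Object DisplayName, DisplayVersion

# Assumption: the Bonjour service's display name starts with "Bonjour".
$services = Get-Service -DisplayName 'Bonjour*' -ErrorAction SilentlyContinue

if ($found) {
    Write-Output 'Apple components still installed:'
    $found | Format-Table -AutoSize
} else {
    Write-Output 'None of the listed Apple components are installed.'
}

if ($services) {
    Write-Output 'Bonjour service still registered:'
    $services | Format-Table Name, DisplayName, Status -AutoSize
} else {
    Write-Output 'No Bonjour service is registered.'
}
```

Run it once after the restart to confirm everything is gone, and again after reinstalling to see which versions are now present.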

Once the software is removed from your computer, you’ll need to get the latest versions of the software that include the patches.

To download the latest version of iTunes for Windows, click or tap to visit Microsoft’s download page.

To download the latest version of iCloud for Windows, click or tap to visit Microsoft’s download page.

Bonus: Protect your system from ransomware with this secure backup

Frequently backing up your computer can effectively stop ransomware in its tracks. If your computer’s files are saved elsewhere, it won’t matter if your system is locked down or the files get deleted. All you’ll need to do is recover them from your backup. It’s the smartest way to protect your system from those who would try to harm or extort you.

For the most secure backup, we recommend IDrive — the only cloud storage solution Kim trusts.
