It’s an emerging and noticeable trend. Cybercriminals are getting busy repurposing good old malware techniques to target the ever-growing Mac computer user base.
We’re starting to see techniques ranging from the primitive, like the very first Microsoft Word macro attack we spotted last month, to advanced crossover threats, such as the Mokes trojan that made the rounds last year.
Combine this trend with the current ransomware boom and we should expect to see more crypto-locking Mac malware variants sprouting out in the near future.
Take this latest threat, for example – a new ransomware variant was discovered last week and it appears to have been written on a Mac to specifically target Mac computers.
ESET reports that this crypto-locking malware, detected by various security software as OSX/Filecoder.E, OSX/Filecode-K or OSX/Filecode-L, was written entirely in the Swift programming language. Swift is the programming language Apple provides to developers for its macOS, iOS, watchOS and tvOS systems.
As if having your files locked isn’t trouble enough, this new malware turned out to be so poorly written that its author never gave it any means to communicate with an external command and control (C&C) server. It stores the victim’s files in an encrypted zip archive under a single encryption key, but, check this out, without any C&C channel that key never gets sent to the attackers.
This means that even if the victims do pay the Bitcoin ransom, the criminals can’t bring the locked files back. Oops.
This shoddily made piece of malware is distributed via BitTorrent channels and goes by the name “Patcher.”
Three versions have been reported to be floating around: one pretends to be a cracking tool for Adobe Premiere Pro, the second masquerades as an Office 2016 cracking tool and a third appears to be an app called Prova.
This is just one more good reason why everyone should stay away from sites that offer pirated and cracked software. They’re like a box of chocolates: “You never know what you’re gonna get.”
Thankfully, Filecode is so haphazardly put together that it can be defeated easily without paying up. As long as you have even one original, unencrypted copy of any of the encrypted files, you can crack the encryption key yourself using free tools available online.
According to Naked Security, a free ZIP cracking tool called PKCRACK can recover Filecode-locked files in under a minute. Basically, once the encryption values for at least one file are cracked, all other files can be decrypted directly, because the whole archive was locked with that same single key.
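The recovery the article describes rests on two properties of the legacy PKWARE “ZipCrypto” scheme that a single-password ZIP archive uses: it is a stream cipher, so ciphertext XOR one known original file exposes the keystream a tool like PKCRACK starts from, and every entry in the archive is locked with the same key. The Python below is an added example (not code from the article, ESET, Naked Security or PKCRACK): it implements that cipher from the PKWARE APPNOTE, shows the known-plaintext property, and parses ZIP local file headers so an incident responder can triage whether an archive is even eligible for that kind of recovery (legacy ZipCrypto) or uses WinZip AES (method 99 with the 0x9901 extra field), where it is not. The password, file names and contents are constructed sample values; the state-recovery step that PKCRACK performs is deliberately left to that tool.

```python
import struct
import zlib

# ---- 1. Legacy PKWARE "ZipCrypto" (APPNOTE section 6.1) ---------------------
# A stream cipher whose three 32-bit registers are advanced by every PLAINTEXT
# byte; one file whose original is known therefore leaks the keystream.

class ZipCrypto:
    def __init__(self, password: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for c in password:
            self._update(c)

    @staticmethod
    def _crc(value: int, byte: int) -> int:
        # raw table-driven CRC-32 step, undoing zlib's pre/post inversion
        return zlib.crc32(bytes([byte]), value ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

    def _update(self, c: int) -> None:
        k = self.k
        k[0] = self._crc(k[0], c)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k[2] = self._crc(k[2], k[1] >> 24)

    def _keystream_byte(self) -> int:
        t = (self.k[2] | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF

    def encrypt(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for p in plaintext:
            out.append(p ^ self._keystream_byte())
            self._update(p)            # state advances on the plaintext byte
        return bytes(out)

    def decrypt(self, ciphertext: bytes) -> bytes:
        out = bytearray()
        for c in ciphertext:
            p = c ^ self._keystream_byte()
            self._update(p)
            out.append(p)
        return bytes(out)

def encrypt_entry(password: bytes, header12: bytes, data: bytes) -> bytes:
    """ZIP restarts the cipher from the password for every entry and encrypts a
    12-byte header (random in real archives) followed by the file data."""
    assert len(header12) == 12
    return ZipCrypto(password).encrypt(header12 + data)

def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """What one original copy hands a PKCRACK-style tool: the keystream bytes
    (ciphertext XOR plaintext). Turning them into key registers is that tool's
    job; this example stops at the property that makes it possible."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plaintext))

# ---- 2. Triage: which encryption scheme does the archive actually use? ------

LOCAL_SIG = 0x04034B50   # "PK\x03\x04" local file header signature

def build_local_entry(name: bytes, payload: bytes, flags: int, method: int,
                      extra: bytes = b"") -> bytes:
    hdr = struct.pack("<IHHHHHIIIHH", LOCAL_SIG, 20, flags, method, 0, 0,
                      0, len(payload), len(payload), len(name), len(extra))
    return hdr + name + extra + payload

def _has_extra_id(extra: bytes, wanted: int) -> bool:
    off = 0
    while off + 4 <= len(extra):
        hid, hlen = struct.unpack_from("<HH", extra, off)
        if hid == wanted:
            return True
        off += 4 + hlen
    return False

def parse_local_entries(blob: bytes) -> list:
    entries, off = [], 0
    while off + 30 <= len(blob):
        (sig, _ver, flags, method, _t, _d, _crc, csize, _usize,
         nlen, elen) = struct.unpack_from("<IHHHHHIIIHH", blob, off)
        if sig != LOCAL_SIG:
            break                      # no further local header
        name = blob[off + 30:off + 30 + nlen].decode("utf-8", "replace")
        extra = blob[off + 30 + nlen:off + 30 + nlen + elen]
        encrypted = bool(flags & 1)
        aes = method == 99 or _has_extra_id(extra, 0x9901)   # WinZip AES
        entries.append({"name": name, "encrypted": encrypted,
                        "zipcrypto": encrypted and not aes, "aes": aes})
        if flags & 0x8:                # sizes live in a trailing data descriptor;
            break                      # a full reader would use the central directory
        off += 30 + nlen + elen + csize
    return entries

def recoverable_with_known_plaintext(entries: list) -> bool:
    """PKCRACK-style recovery applies only when every encrypted entry is
    legacy ZipCrypto (one shared key, no AES)."""
    enc = [e for e in entries if e["encrypted"]]
    return bool(enc) and all(e["zipcrypto"] for e in enc)

def build_sample_archive(password: bytes) -> bytes:
    """Constructed archive: one ZipCrypto entry plus one AES-style entry whose
    payload is a placeholder, not real AES data."""
    report = encrypt_entry(password, bytes(range(12)), b"Quarterly report\n")
    aes_extra = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
    return (build_local_entry(b"report.txt", report, flags=1, method=0)
            + build_local_entry(b"report-aes.bin", b"\x00" * 16, flags=1,
                                method=99, extra=aes_extra))

if __name__ == "__main__":
    entries = parse_local_entries(build_sample_archive(b"constructed-demo-key"))
    for e in entries:
        print(e)
    print("whole archive recoverable via known plaintext:",
          recoverable_with_known_plaintext(entries))
```

Run against a real archive, the parser walks the local headers and flags any entry that is not legacy ZipCrypto; if every encrypted entry is ZipCrypto and you hold one original file, the PKCRACK route the article mentions is open, otherwise it is not and you are back to backups.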
Still, even though it’s a half-baked effort, Filecode is a reminder that Macs can be profitable ransomware targets as well, and cybercriminals are keenly taking notice. It’s always wise to think proactively by maintaining reliable backups of your files at all times, avoiding the installation of sketchy software and installing reliable security software on your chosen platform.