Apple/Mac Users, Beware: Ransomware Attack Reveals Security Risk

The KeRanger attack was not as big as it might have been, but it should be a big wake-up call for Mac users. Here's the scoop.

You’re going to see a lot of headlines about a nasty ransomware program named KeRanger that tries to extort Apple/Mac users by encrypting their files and charging ransom for the unscrambling key. Infected users must pay the virus creators today or risk losing use of their data. Here’s what you need to know: The threat to you is almost certainly quite small, unless you believe Mac users are immune from this kind of thing. If that’s the case, the threat to you today is still quite small, but tomorrow … I’d be worried.

First, who has to worry about KeRanger? At the moment, it appears the only users at risk are BitTorrent users who downloaded (and later installed) the “Transmission” torrent client from its official website after 11 a.m. PST on Friday and before 7 p.m. PST on Saturday. Those who installed anytime recently from a third-party site are also at risk. If you are one of those people, you probably know who you are. (Here’s a link to the Palo Alto Networks information page with instructions on how to find and remove KeRanger.)

As a subgroup of a subgroup, the number of real infections is probably quite low, and statistics posted by F-Secure’s Mikko Hypponen bear that out. At the moment, KeRanger isn’t among the most prevalent ransomware programs detected by F-Secure.

What’s the real threat from KeRanger? Complacency.

Mac OS users — Apple product users in general — have for a long time enjoyed what was undoubtedly a safer, more protected platform than that provided by competitors like Microsoft or Google. Apple keeps tighter control of the software that can run on its products, which is both a blessing and a curse. Essentially, Apple must bless all software from third parties before it can be installed on Apple products. That’s great, until it’s not.

Two things happened to make KeRanger a reality. First, the attackers somehow intercepted users trying to install the Transmission app and substituted their own booby-trapped, look-alike software — probably by hacking the download site. Second, and much more important, the attackers somehow obtained a digital certificate issued by Apple — the blessing — that the rogue software was safe. Without that certificate, the software would not have been installed on victims’ computers.

Now that the malware has been discovered, Apple has revoked that certificate and the danger for new consumers has been mitigated, because the software generally can’t be installed.

But criminals were able to get around Apple’s certificate process, which is really important. It will happen again.

Mac and iPhone users have long enjoyed the comfort of knowing that software they install on their computers is (probably) safe, because Apple is watching out for them. That’s still true, but if your confidence is shaken by this story, good. Criminals are almost certainly coming for you, warns Hypponen.

“Mac finally seems to have large enough market share so that ransom malware gangs feel like it’s worth their time to target it,” he wrote about the attack.

Third-party verification is a critical element of software security; fake third-party verification is a critical trick in a hacker’s toolbox. Criminals who want to attack Mac users have now shown, in the real world, that they can create malicious software that Apple “blesses” for installation. Most Internet consumers are smart enough to avoid installing random software from random places no matter what platform they use. But to be attacked when installing software from a known source that is approved by Apple? Well, that’s a pretty effective attack.

It should be obvious that this is an unavoidable problem of having a central authority that approves software (or anything). One scary reality of TSA Pre-check at an airport, for example, is that it works great until someone who wants to do harm gets approved for travel by TSA Pre-check. That would give the attackers carte blanche at any airport security checkpoint.

Certificate-based attacks have been around for a long, long time. Here’s a 2002 story (that’s 14 years ago) about VeriSign being tricked into issuing certificates in the name of Microsoft.

More recently, it’s obvious criminals are sniffing around the Apple app certificate ecosystem; here’s word of an attack last fall that managed to install software on iPhones by tricking Apple’s program that allows corporations to issue third-party certificates for apps.

It’s important to note that, by all accounts, Apple has cleaned up this mess with great speed and effectiveness. But heed Hypponen’s warnings, Mac users. The criminals are coming. And now we know they have some way of getting around Apple’s certificate process. Choose your downloads carefully.

Stacy Johnson
