Apple/Mac Users, Beware: Ransomware Attack Reveals Security Risk

What's Hot

How to Cut the Cable TV Cord in 2017Family

8 Major Freebies and Discounts You Get With Amazon PrimeSave

8 Creative Ways to Clear ClutterAround The House

Study: People Who Curse Are More HonestFamily

This Free Software Brings Old Laptops Back to LifeMore

Pay $2 and Get Unlimited Wendy’s Frosty Treats in 2017Family

The 3 Golden Rules of Lending to Friends and FamilyBorrow

6 Reasons Why Savers Are Sexier Than SpendersCredit & Debt

Resolutions 2017: Save More Money Using 5 Simple TricksCredit & Debt

Porta-Potties for Presidential Inauguration Cause a StinkFamily

Protecting Trump Will Cost Taxpayers $35 MillionFamily

Tax Hacks 2017: Don’t Miss These 16 Often-Overlooked Tax BreaksTaxes

5 New Year’s Resolutions That Will Pay Off 10 Years From NowCollege

10 Simple Money Moves to Make Before the New YearFamily

The KeRanger attack was not as big as it might have been, but it should be a big wake-up call for Mac users. Here's the scoop.

You’re going to see a lot of headlines about a nasty ransomware program named KeRanger that tries to extort Apple/Mac users by encrypting their files and charging ransom for the unscrambling key. Infected users must pay the virus creators today or risk losing use of their data. Here’s what you need to know: The threat to you is almost certainly quite small, unless you believe Mac users are immune from this kind of thing. If that’s the case, the threat to you today is still quite small, but tomorrow …. I’d be worried.

First, who has to worry about KeRanger? At the moment, it appears the only users at risk are BitTorrent users who downloaded (and later installed) the “Transmission” torrent client from its official website after 11 a.m. PST on Friday and before 7 p.m. PST on Saturday. Those who installed anytime recently from a third-party site are also at risk. If you are one of those people, you probably know who you are. (Here’s a link to the Palo Alto Networks information page with instructions on how to find and remove KeRanger.)

As a subgroup of a subgroup, the number of real infections is probably quite low, and statistics posted by F-Secure’s Mikko Hypponen bear that out.  At the moment, KeRanger isn’t among the most populous ransomware programs detected by F-Secure.

What’s the real threat from KeRanger? Complacency.

Mac OS users — Apple product users in general — have for a long time enjoyed what was undoubtedly a safer, more protected platform than that provided by competitors like Microsoft or Google. Apple keeps tighter control of the software that can run on its products, which is both a blessing and a curse. Essentially, Apple must bless all software from third parties before it can be installed on Apple products. That’s great, until it’s not.

Two things happened to make KeRanger a reality. First, the attackers somehow intercepted users trying to install the Transmission app and substituted their own booby-trapped, look-alike software — probably by hacking the download site. Second, and much more important, the attackers somehow obtained a digital certificate issued by Apple — the blessing — that the rogue software was safe. Without that certificate, the software would not have been installed on victims’ computers.

Now that the malware has been discovered, Apple has revoked that certificate and the danger for new consumers has been mitigated, because the software generally can’t be installed.

But criminals were able to get around Apple’s certificate process, which is really important. It will happen again.

Mac and iPhone users have long enjoyed the comfort of knowing that software they install on their computers is (probably) safe, because Apple is watching out for them. That’s still true, but if your confidence is shaken by this story, good. Criminals are almost certainly coming for you, warns Hypponen.

“Mac finally seems to have large enough market share so that ransom malware gangs feel like it’s worth their time to target it,” he wrote about the attack.

Third-party verification is a critical element of software security; fake third-party verification is a critical trick in a hacker’s toolbox. Criminals who want to attack Mac users have now shown, in the real world, that they can create malicious software that Apple “blesses” for installation. Most Internet consumers are smart enough to avoid installing random software from random places no matter what platform they use. But to be attacked when installing software from a known source that is approved by Apple? Well, that’s a pretty effective attack.

It should be obvious that this is an unavoidable problem of having a central authority that approves software (or anything). One scary reality of TSA Pre-check at an airport, for example, is that it works great until someone who wants to do harm gets approved for travel by TSA Pre-check. That would give the attackers carte blanche at any airport security checkpoint.

Certificate-based attacks have been around for a long, long time. Here’s a 2002 story (that’s 14 years ago) about VeriSign being tricked into issuing certificates in the name of Microsoft.

More recently, it’s obvious criminals are sniffing around the Apple app certificate ecosystem; here’s word of an attack last fall that managed to install software on iPhones tricking Apple’s program that allows corporations to issue third-party certificates for apps.

It’s important to note that, by all accounts, Apple has cleaned up this mess with great speed and effectiveness. But heed Hypponen’s warnings, Mac users. The criminals are coming. And now we know they have some way of getting around Apple’s certificate process. Choose your downloads carefully.

Stacy Johnson

It's not the usual blah, blah, blah

I know... every site you visit wants you to subscribe to their newsletter. But our news and advice is actually worth reading! For 25 years, I've been making people richer without making their eyes glaze over. You'll be glad you did. I guarantee it!


Read Next: Apple to Pay $400 Million in Refunds to E-Book Buyers

Check Out Our Hottest Deals!

We're always adding new deals and coupons that'll save you big bucks. See the deals to the right and hundreds more in our Deals section.

Click here to explore 1,819 more deals!