• Fri. Oct 13th, 2023

Mac Os Users in Danger, The New LockBit Ransomware Targets macOS

Avatar photo

ByEsme Greene

May 4, 2023
Mac Os Users in Danger, The New LockBit Ransomware Targets macOS
Esme Greene
Latest posts by Esme Greene (see all)

Ransomware is constantly improving and soon will be a serious threat to the cyber environment.

A team of cybersecurity experts known as MalwareHunterTeam has discovered new LockBit ransomware variants that have been created especially to attack Mac machines. This is the first notable ransomware attack that targets macOS vulnerabilities.

The researchers found a ZIP file on VirusTotal that appeared to include the majority of the most recent LockBit ransomware strains that are currently obtainable.

The package contained previously unidentified encryptors made for CPUs like macOS, ARM, FreeBSD, MIPS, and SPARC, even though LockBit primarily employs encryptors created for attacking Windows, Linux, and VMware ESXi systems.

What Is Inside the Ransomware

The “locker Apple M1 64” file in the archive is intended for use with newer Macs equipped with the Apple Silicon processor. Encryptors are also available for PPC CPUs, which are used in older Macs. The fact that “locker Apple M1 64” was submitted to VirusTotal in December 2022 should serve as a reminder that these samples have likely been in circulation for some time.

According to the inquiry, the encryptor has a list of 65 file names and extensions that are not encrypted. These include the Windows file and folder extensions “.exe,” “.bat,” “.dll,” “autorun.inf,” and others. The good news is that these encryption tools are probably not ready for use in actual attacks against macOS devices.

The Mac encryptor is also “currently being developed,” according to a LockBit representative (LockBitSupp). Cisco’s hypothesis that these builds are in the development/testing stage was also supported by macOS cybersecurity expert Patrick Wardle, who noted that the encryptor is far from finished as it lacks essential capabilities for securely encrypting Mac devices.

Cyber Security Representative Advises

The macOS encryptor is based on the Linux version and was produced for macOS with a few minimal configuration options, added Wardle in his twitter. However, the macOS encryptor crashed when Wardle attempted to launch it due to a buffer overflow fault in its code. You may find Wardle’s thorough technical examination of the new Mac encryptor on the Objective See website.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.