Ransomware operations are constantly evolving, and every new platform they learn to target widens the threat.
A team of security researchers known as MalwareHunterTeam has discovered new LockBit ransomware variants built specifically to attack Mac machines. This is the first time a major ransomware operation has been seen producing encryptors for macOS.
The researchers found a ZIP archive on VirusTotal that appeared to contain most of the LockBit encryptors currently in circulation.
Although LockBit has mainly shipped encryptors for Windows, Linux, and VMware ESXi systems, the archive also contained previously unseen builds for macOS and FreeBSD and for CPU architectures such as ARM, MIPS, and SPARC.
What Is Inside the Ransomware
The “locker Apple M1 64” file in the archive targets newer Macs with Apple Silicon (M1) processors; there are also encryptors for the PowerPC CPUs used in older Macs. “locker Apple M1 64” was first submitted to VirusTotal in December 2022, which suggests these samples have been circulating for some time.
According to the analysis, the encryptor carries a list of 65 file names and extensions that it does not encrypt. The list includes Windows-specific entries such as “.exe,” “.bat,” “.dll,” and “autorun.inf,” which are meaningless on macOS and indicate that the skip list was carried over from the Windows/Linux configuration rather than written for a Mac. The good news is that these encryptors are probably not ready for use in real attacks against macOS devices.
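To show how an encryptor applies a skip list like this, and why Windows entries are dead weight on a Mac, here is an added example. It is not LockBit's code and not from the researchers' analysis: a Python dry run that applies the four entries the article quotes to a constructed macOS file tree. The matching rule (a leading dot means extension, anything else is an exact file name, both case-insensitive) is an assumption for illustration, not a description of the real binary.

```python
"""Added example (not LockBit code): dry-run an encryptor's skip list
against a constructed macOS file tree."""
import os
from typing import Iterable, List, Set, Tuple

# The four entries the article quotes from the 65-entry list; the remaining
# entries are not on the page, so they are not reproduced here.
EXCLUSIONS = [".exe", ".bat", ".dll", "autorun.inf"]

# Constructed macOS-style file tree for the dry run (not data from the sample).
SAMPLE_TREE = [
    "/Users/demo/Documents/report.pdf",
    "/Users/demo/Desktop/photo.JPG",
    "/Users/demo/Downloads/setup.exe",
    "/Users/demo/Downloads/helper.DLL",
    "/Volumes/USB/AUTORUN.INF",
    "/Users/demo/Library/Preferences/com.apple.dock.plist",
    "/Applications/Safari.app/Contents/MacOS/Safari",
    "/Users/demo/notes.inf",
]


def should_skip(path: str, exclusions: Iterable[str]) -> bool:
    """True if the skip list would leave this file alone.

    Assumed rule: an entry beginning with '.' matches the file extension,
    any other entry matches the whole base name. Comparison is case-
    insensitive, so 'helper.DLL' is skipped by '.dll' but 'notes.inf' is
    NOT skipped by 'autorun.inf' (a name entry, not an '.inf' extension).
    """
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    for entry in exclusions:
        entry = entry.lower()
        if entry.startswith("."):
            if ext == entry:
                return True
        elif name == entry:
            return True
    return False


def plan(paths: Iterable[str], exclusions: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split a file tree into (would be encrypted, would be skipped)."""
    encrypt, skipped = [], []
    for p in paths:
        (skipped if should_skip(p, exclusions) else encrypt).append(p)
    return encrypt, skipped


def matched_entries(paths: Iterable[str], exclusions: Iterable[str]) -> Set[str]:
    """Which skip-list entries ever fire against this tree.

    On a Mac the Windows-only entries mostly never fire; comparing a sample's
    embedded list with what its target platform actually contains is a cheap
    way to spot a port that reused another platform's configuration.
    """
    paths = list(paths)
    return {e.lower() for e in exclusions if any(should_skip(p, [e]) for p in paths)}


if __name__ == "__main__":
    to_encrypt, to_skip = plan(SAMPLE_TREE, EXCLUSIONS)
    print("would encrypt:", *to_encrypt, sep="\n  ")
    print("would skip:", *to_skip, sep="\n  ")
    print("entries that fired:", sorted(matched_entries(SAMPLE_TREE, EXCLUSIONS)))
```

Note what the dry run does not protect: nothing in the quoted entries keeps the encryptor away from a Mac's own system or application files, which is what a Windows skip list (.exe, .dll, autorun.inf) is there to do on Windows.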
A LockBit representative (LockBitSupp) has also said that the Mac encryptor is “currently being developed.” macOS security researcher Patrick Wardle backed Cisco’s assessment that these builds are at a development/testing stage, noting that the encryptor is far from finished and lacks the functionality needed to encrypt Mac devices effectively.
What the Researcher Found
Wardle added on Twitter that the macOS encryptor is based on the Linux version and was built for macOS with only a few minimal configuration changes. When he attempted to run it, however, the macOS encryptor crashed because of a buffer overflow bug in its code. Wardle’s full technical analysis of the new Mac encryptor is available on the Objective-See website.