
KeRanger is a Mac version of the Linux Encoder Trojan


March 10, 2016

According to new research from security software firm Bitdefender, the world's first fully functional OS X ransomware, dubbed KeRanger, is really a Mac version of the Linux Encoder Trojan.

That doesn't come as a surprise to some in the internet security field, however. The infected OS X torrent update carrying KeRanger looks virtually identical to version 4 of the Linux Encoder Trojan that has already infected thousands of Linux servers this year.

KeRanger spread via an infected version of an otherwise legitimate open source BitTorrent application, Transmission. The tainted version (2.90) was available for download between March 4 and March 5, 2016 and came signed with a legitimate developer certificate.

To be sure, Apple's OS X operating system ships with a security feature called Gatekeeper, allowing users to restrict which sources they can install applications from in order to minimize the likelihood of deploying a malicious app.

The default setting allows users to install applications from the Mac App Store or applications that are digitally signed by a developer.

By signing their malware with a developer certificate, the hackers behind KeRanger were able to circumvent Apple's Gatekeeper control.

Apple has since revoked the misused certificate, which was issued to a Turkish firm, so the immediate panic is over, but there's been some damage done, nevertheless.

Similar attacks could easily reappear, however, so merely disallowing unsigned software from running on Macs is no real defense.
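Because any valid developer signature satisfies the default setting, a stricter check is to pin each application to the signer you expect. The shell sketch below is an added example, not from Bitdefender or Apple: it compares the `TeamIdentifier` reported by `codesign -dv --verbose=4` against a pinned value. The function names, the sample output and the Team IDs `AAAAAAAAAA` and `BBBBBBBBBB` are constructed placeholders.

```shell
#!/bin/sh
# Added example: accept an app only if it is signed by the Team ID you
# expect, rather than by any holder of a valid developer certificate.

# Read `codesign -dv --verbose=4` output on stdin, print the TeamIdentifier.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Return 0 only if the output names exactly the pinned Team ID.
# "not set" (ad hoc signed code) and a missing field never match.
signer_is_pinned() {
    expected=$1
    output=$2
    actual=$(printf '%s\n' "$output" | team_id_from_codesign)
    [ -n "$actual" ] && [ "$actual" != "not set" ] && [ "$actual" = "$expected" ]
}

# On a Mac: verify the signature is intact, then compare signer and pin.
# codesign writes its -d report to stderr, hence the 2>&1.
# Returns 2 if the signature does not verify, 1 if the signer is not pinned.
check_app() {
    app=$1
    expected=$2
    codesign --verify --deep --strict "$app" 2>/dev/null || return 2
    signer_is_pinned "$expected" "$(codesign -dv --verbose=4 "$app" 2>&1)"
}

# Constructed sample reports with placeholder IDs (not real certificates).
# Both describe validly signed apps; only the first matches the pin.
SAMPLE_EXPECTED='Identifier=org.example.app
Authority=Developer ID Application: Example Project (AAAAAAAAAA)
TeamIdentifier=AAAAAAAAAA'
SAMPLE_OTHER='Identifier=org.example.app
Authority=Developer ID Application: Some Other Firm (BBBBBBBBBB)
TeamIdentifier=BBBBBBBBBB'
```

On a Mac, `check_app /path/to/Some.app AAAAAAAAAA` would run the same comparison against a real bundle, with the pin taken from a copy of the application already known to be good.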

Overall, KeRanger isn't the first Mac malware with the capability to circumvent Gatekeeper. For example, in 2013 the same trick was used in a trojan (KitM.A) found on computers belonging to Angolan civil rights activists.

"Once the infected installer is executed, the Trojan connects to the command and control centers via TOR and retrieves an encryption key," explained Catalin Cosoi, chief security strategist at Bitdefender.

"After the encryption finishes, the KeRanger ransomware creates a file called README_FOR_DECRYPT.txt, which holds the data on how the victim should pay the ransom. The encryption functions are identical to those deployed by the Linux Encoder Trojan and have the same names."

In October 2015, only Windows and Android smartphone users needed to worry about ransomware, but that has since changed, and Linux server admins and even Mac users now need to be wary of potential security holes.

As usual, though, Windows remains the target of the greatest number of different ransomware strains and the main focus of the issue, as it is for other types of malware, since it is deployed on hundreds of millions of devices spread all over the planet.

According to Bitdefender, the developers behind the Linux Encoder malware have either expanded to OS X or have licensed their code to a cybercrime group specializing in OS X internet attacks.

Source: Bitdefender.
