This story is over 5 years old.


Someone Is Offering Mac Ransomware on the Dark Web

New Mac malware might be a sign of things to come for Apple computer users.
Image: Bart Naus/Flickr

In the wake of the WannaCry, a flawed piece of malware that spread virally that could've done much more damage than it did, it seems like everyone wants to jump on the ransomware bandwagon.

And if you're a malware developer, what better place to try your luck if not with Mac computers, where mosts user still believe to be safe by default and perhaps have their guard down? That seems to be the thinking of an unknown cybercriminal who developed two new type of malicious software for Apple computers: MacSpy and MacRansom.


Despite some people's misguided beliefs—fueled in part by Apple's marketing—there's been plenty of Mac malware, even ransomware. But MacRansom and MacSpy show once again that bad guys are starting to target Macs more and more, even offering them as a service to others.

Read more: Hackers Make the First-Ever Ransomware for Smart Thermostats

At the end of May, an unknown cybercriminal, or group of criminals, launched two sites offering MacSpy and MacRansom as "services," meaning they marketed them as malware that they would sell and then offer support for. (The authors did not respond to a request for comment via email.)

BleepingComputer writer Catalin Cimpanu first spotted the sites. Some researchers, as well as security firms Fortinet and AlienVault, respectively, have since then analyzed the samples of the ransomware and the spyware or backdoor.

"In some ways, yes, it's kind of a milestone."

While both pieces of malware aren't that sophisticated, they prove that more and more malicious hackers want to target Macs.

"Cybercriminals are eyeing Macs, they're definitely a juicy target," Patrick Wardle, a security researchers who focuses on Mac computers, told Motherboard in a phone call. "I think it's a natural progression that's not that surprising to see. But in some ways, yes, it's kind of a milestone."

For Martijn Grooten, an editor at Virus Bulletin, this is yet another reminder that "there is common purpose malware for Mac too," although he's skeptical that we'll ever see it spread like it did with Windows PCs.


"[Users] should not assume that just because they're using a Mac they're inherently safe."

Wardle analyzed the ransomware and found it to be "lame" and developed by an "amateur" or at least someone with little experience with Mac malware. Wardle said that his free anti-malware tools, such as BlockBlock and Ransomwhere, were able to detect and stop the malware out of the box. Moreover, as Fortinet points out in their analysis, it seems like the malware actually isn't programmed to decrypt the files after payment.

Yet, Wardle added, the ransomware does use some techniques to try to stop researchers or security tools from detecting it, showing that criminals "are upping their game" when it comes to Mac malware.

"Apple continues to improve the security of them," Wardle said. "But Mac users should just be cautions, should not be not be overconfident, and should not assume that just because they're using a Mac they're inherently safe."

Subscribe to Science Solved It , Motherboard's new show about the greatest mysteries that were solved by science.