Jump to content
  • LockBit ransomware may target Mac devices

    alf9872000

    • 354 views
    • 3 minutes
     Share


    • 354 views
    • 3 minutes

    The LockBit ransomware gang is targeting Mac devices with its malware. The group has an infamous track record for attacking Windows, Linux, and virtual host machines such as VMware ESXi.

    LockBit ransomware for Mac payload spotted by experts

    The Mac version of LockBit was spotted by the folks at MalwareHunterTeam. The archive that they analyzed contained a file that was called Locker_Apple_M1_64, which suggests that the ransomware is targeting Apple Silicon M1 systems.

     

    The security experts investigated a sample of the malware's archive, which was uploaded to VirusTotal on March 20th of this year. The findings also revealed that a LockBit ransomware for PowerPC Macs exists. Security researcher, Florian Roth, spotted an earlier report of the malware from December 2022. Vx-underground, which hosts malware source code and samples, also confirmed that the first payload of LockBit ransomware for Mac has surfaced online. The analysts also pointed out that the Mac ransomware has actually existed for about 6 months, since November 2022.

     

    LockBit-ransomware-for-Mac-payload-spott

    Security researchers say that the ransomware is not ready for deployment

    Numerous reports from other security researchers claim that the LockBit ransomware for Macs is likely a test version. Azim Khodjibaev of Cisco Talos stated that their research suggests that the ransomware is not ready for deployment.

     

    Patrick Wardle, another macOS security expert, echoed the sentiment, saying that the encryptor is not in a completed form. He mentioned that the Mac malware is a basic version based on the Linux build, and doesn't run easily on macOS. In case you didn't know, ransomware tools encrypts the data on impacted computers. LockBit's current Mac version is also not capable of bypassing TCC (Transparency, Consent, and Control) in macOS. The researcher also explained in a blog post that the malware crashes due to a bug in its code. A snippet of the ransomware contained strings related to Windows artifacts, which shows that the code was originally written for Windows. Some of these strings were shared among other versions that targeted other platforms, meaning that the malware has a shared codebase. Wardle says that in its current form, the malware cannot infect macOS, and that users do not need to be worried about the safety of their Macs.

     

    Brett Callow, a threat analyst at Emisoft, also chimed in, saying that there is no evidence to indicate that LockBit's macOS variant has been used in a cyberattack. But he acknowledged the fact that the hackers compiling a macOS version does show their intention of targeting Macs.

     

    This was later confirmed by LockBitSupp, a representative of the ransomware gang, who told BleepingComputer that the group is indeed working on a version for Mac. So, while that may sound, there is no reason to panic right now, as the malware isn't ready yet. LockBit has offered its services to other attackers via its ransomware-as-a-service (RaaS) model, so it is possible that some cybercriminals could use it to target Mac users.

     

    few months ago, the LockBit ransomware gang released a free decryptor for a children’s hospital in Canada, after a "rogue member" attacked the healthcare organization. While we are talking about security stuff, a recent report by Citizen Lab and Microsoft revealed details about how a Pegasus-like spyware called Reign was used for targeted attacks on iPhones.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...