Malware News MacRansom and MacSpy Malware-as-a-Service Portals Put Mac Users on Alert

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
Security researchers have finally got their hands on samples of two new strains of Mac malware that have been offered through Malware-as-a-Service (MaaS) portals on the Dark Web for almost two weeks now.

Both portals were launched on May 25 and were discovered by your reporter during a routine scan of the Dark Web. The first site is named MacSpy and peddles Mac spyware, while the second is named MacRansom, and is renting ransomware in a classic RaaS scheme.
....
....
The number of Macs has grown, and so has the number of Mac-targeting malware. The launch of MaaS portals, even if hard to use as MacSpy and MacRansom, will drive more crooks towards the Mac userbase, and will lower the entry bar for some crooks and groups that had no previous experience with creating Mac malware.

A possible tool that might help users protect against Mac ransomware is called RansomWhere.
 

eonomia

Level 1
Verified
Sep 6, 2015
19
Apple Mac computers targeted by ransomware and spyware
Mac users are being warned about new variants of malware that have been created specifically to target Apple computers.
One is ransomware that encrypts data and demands payment before files are released.
The other is spyware that watches what users do and scoops up valuable information.
Experts said they represented a threat because their creators were letting anyone use them for free.
The two programs were uncovered by the security firms Fortinet and AlienVault, which found a portal on the Tor "dark web" network that acted as a shopfront for both.
In a blog,
Fortinet said the site claimed that the creators behind it were professional software engineers with "extensive experience" of creating working code.
Those wishing to use either of the programs had been urged to get in touch and provide details of how they wanted the malware to be set up. The malware's creators had said that payments made by ransomware victims would be split between themselves and their customers.
Researchers at Fortinet contacted the ransomware writers pretending they were interested in using the product and, soon afterwards, were sent a sample of the malware.
Analysis revealed that it used much less sophisticated encryption than the many variants seen targeting Windows machines, said the firm.

_96462877_e413266c-0e86-4df1-b422-6c0c63c22c12.jpg

NHS computers were hit by a high-profile ransomware attack last month

More Info: Click Here
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
You consider that about 75% of all ransomware in general (for all platforms) comes from the Russian criminal underground.

The one that makes the most upsetting thing is the fact that these families of ransomware have attacked million of people in the world, last year.

Everything and everyone are targets if they want that!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top