Malware News New ‘Turtle’ macOS Ransomware Analyzed


Nov 10, 2017
Patrick Wardle, the famed cybersecurity researcher specializing in Apple products, has conducted an analysis of a new macOS ransomware named Turtle.

Wardle’s analysis suggests that the Turtle ransomware is currently not sophisticated, but the malware’s existence indicates that cybercriminals continue to show an interest in targeting macOS users.

Versions of the Turtle ransomware appear to have been created for Windows and Linux systems as well.

Several of the vendors on VirusTotal already detect Turtle as a potential threat, which is unusual for a new piece of malware targeting macOS, but may be explained by similarities to the Windows version, for which crowdsourced YARA rules exist.

The malware was developed in Go and, based on strings found in the binary, ‘Turtle’ appears to be the name given by its author.



Feb 28, 2023
I would like to make it clear that I wrote this set of tools, but they have not been used in any illegal situation, as my purpose was research. I wonder how quickly security software vendors will notice a "new" ransomware on a non-mainstream platform.
The best evidence of not being used in illegal scenarios is that I didn't even generate a ransom note.
I uploaded the samples to VirusTotal/MetaDefender/Triage as soon as I finished writing them and reported them to all the security vendors I could contact.
I even prepared a post documenting the process by which they detected it, if you can use web translation.
Time to put an end to this farce...
