Zeljka Zorz - June 12, 2017
Two pieces of Mac malware – MacRansom and MacSpy – that seem to be created by the same developer are being offered for sale through two separate dark web portals.
The malware developer offers both through an as-a-Service model, and potential users are instructed to contact the developer directly through a Protonmail address in order to negotiate the terms, explain their needs, and get the malware.
AlienVault and Fortinet did just that, in order to get the samples and to analyze them.
Full Article.
Thank you, Jasper, for the information. I'd advise anyone with a Mac to read this article on how to protect themselves from these 2 malware or any other malware, and to take the precautions listed.
June 14, 2017 by Thomas Reed
A couple weeks ago, two new Malware-as-a-Service (MaaS) offerings for the Mac became available. These two offerings – a backdoor named MacSpy and a ransomware app named MacRansom – were discovered by Catalin Cimpanu of Bleeping Computer on May 25.
Cimpanu evidently had some trouble getting hold of samples, but on Friday analysis of MacRansom was posted by Fortinet and analysis of MacSpy was posted by AlienVault.
Both of these malware programs were advertised through Tor websites, claiming them to be “The most sophisticated Mac spyware/ransomware ever, for free.” Neither program was directly available; both could only be obtained by emailing the authors at protonmail[dot]com email addresses.
Full Article.
Oh, I don't believe...there goes Apple copying MS again...Just because Windows have MaaS Apple decide that they have to have one too...have these miscreants no shame...;)
But seriously speaking...the commercialisation of the malware sector infrastructure is increasing and with that is becoming ever more worrying. :(