To determine if KeRanger is present on your Mac, do the following: The version of KeRanger we have analyzed stays idle for three days after initial infection. Does that mean my Mac has dodged KeRanger? Also, Apple has revoked the misused certificate to prevent users from opening the infected installer even if it is downloaded from a third-party location. Its malicious version (2.90) was available for download between March 4 and Maand was signed with a legitimate developer certificate.Īs of March 5, the malicious version was removed from Transmission’s website. It’s spread via an infected version of an otherwise legitimate open source BitTorrent application – Transmission. Is KeRanger just a proof-of-concept or fully functional in-the-wild malware?.Here is what you need to know, followed by his technical analysis. ESET researcher Anton Cherepanov also spotted it and has completed his own analysis. Analysis of this threat was first published by Palo Alto Networks. All users were recommended to upgrade immediately to 2.91, as they might have fallen victim to new file-encrypting ransomware – dubbed KeRanger –that targets OS X. Figure 1 – The warning displayed at the startup of Transmission for OS XĪccording to the warning, which was displayed within the Transmission application and on its website, version 2.90 of the application was infected.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |