• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Mac OS X Ransomware KeRanger Is Linux Encoder Trojan

March 11, 2016

Views: 2,587

So there’s been a fair bit of noise this past week about the Mac OS X Ransomware, the first of its’ kind called KeRanger. It also happens to be the first popular Mac malware of any form for some time.

It’s also a lesson to all the Apple fanbois that their OS is not impervious and this was bundled with legit software (Transmission) and bypassed the Gatekeeper protection as it was signed with a legit cert.

Mac OS X Ransomware KeRanger

It turns out, basically it’s just the Linux Encoder Trojan (the first Linux ransomware trojan) re-purposed for Macs, as well OS X is a *nix variant based on OpenBSD with a fancy window manager.

The world’s first fully functional OS X ransomware, KeRanger, is really a Mac version of the Linux Encoder Trojan, according to new research from Romanian security software firm Bitdefender.

The infected OS X torrent update carrying KeRanger looks virtually identical to version 4 of the Linux Encoder Trojan that has already infected thousands of Linux servers this year.

KeRanger spread via an infected version of an otherwise legitimate open source BitTorrent application, Transmission. The tainted version (2.90) was available for download between March 4 and March 5, 2016 and came signed with a legitimate developer certificate.

Apple’s OS X ships with a security feature called Gatekeeper, allowing users to restrict which sources they can install applications from in order to minimize the likelihood of deploying a malicious app. The default setting allows users to install applications from the Mac App Store or applications that are digitally signed by a developer.

By using a developer certificate to sign their wares, the crooks behind KeRanger were able to circumvent Apple’s GateKeeper control. Apple has since revoked the misused certificate, which was issued to a Turkish firm, so the immediate panic is over.

However, similar attacks along the same lines might easily re-appear, so merely disallowing unsigned software from running on Macs is no defense.

It’s a pretty nasty form of cyber-bullying, and well as we wrote before, if you do get hit there’s not a lot you can do. Even the FBI Recommends Crypto Ransomware Victims Just Pay.

The developer cert used to sign the dodgy version of Tranmission has been revoked, but it just goes to show the system is not flawless and this could easily happen again.

KeRanger isn’t the first Mac malware with the capability to circumvent Gatekeeper. For example, three years ago the same trick was used in a trojan (KitM.A) found on computers belonging to Angolan civil rights activists, Bitdefender reports.

“Once the infected installer is executed, the Trojan connects to the command and control centers via TOR and retrieves an encryption key,” explained Catalin Cosoi, chief security strategist at Bitdefender.

“After encryption finishes, the KeRanger ransomware creates a file called README_FOR_DECRYPT.txt, which holds the information on how the victim should pay the ransom. The encryption functions are identical to those deployed by the Linux Encoder Trojan and have the same names.”

Six months ago, only Windows and Android smartphone users needed to worry about ransomware, but that has changed more recently so that Linux server admins and even Mac users need to be wary of potential attack. Windows remains the target of the greatest number of different ransomware strains and the main locus of the problem, as it is for other types of malware.

The developers behind the Linux Encoder malware have either expanded to OS X or have licensed their code to a cybercrime group specializing in OS X attacks, according to Bitdefender.

I’m pretty sure no one reading this site will get caught out by this kind of thing, but if you did well that mistake is gonna cost you over $400USD.

Be wary, and do inform your Apple loving friends and family members that the bad guys feel like it’s worth targeting them now, the free-love, no anti-virus party is over.

Source: The Register

Share
Tweet3
Share95
Buffer
WhatsApp
Email
98 Shares

Filed Under: Apple, Malware Tagged With: mac malware, mac trojan, mac-security, Ransomware



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 285

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 493

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 490

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 687

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

Views: 8,459

Introduction: How Much of the Internet Can You See? You're only scratching the surface when you … ...More about Understanding the Deep Web, Dark Web, and Darknet (2025 Guide)

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for forensic investigations and recovery scenarios.

DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Views: 468

DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for … ...More about DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (227)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (73)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,291,642)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,069)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,614)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,675)
  • Password List Download Best Word List – Most Common Passwords (933,462)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,130)
  • Hack Tools/Exploits (673,286)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,143)

Search

Recent Posts

  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025
  • Understanding the Deep Web, Dark Web, and Darknet (2025 Guide) April 30, 2025
  • DataSurgeon – Fast, Flexible Data Extraction and Transformation Tool for Linux April 28, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy