Filecoder.E: The new macOS-targeting ransomware distributed through Torrent websites
This is not the first time Mac-targeting ransomware has been detected by security researchers. In 2014, Kaspersky Labs discovered the OSX.FileCoder.a ransomware, though it wasn’t complete at the time. The next one, OSX.KeRanger, was discovered in 2016 by Palo Alto researchers.
The new Filecoder ransomware, designed specifically for macOS, has been spotted being distributed through Torrent websites. Threat actors disguise Filecoder as a patcher for ‘Adobe Premiere Pro’ and ‘Microsoft Office 2016’.
The malicious Torrent contains a single ZIP file including two fake patcher applications.
After the malicious application is launched, a fake installation window appears. Clicking the Start button launches the encryption process. Filecoder, written in Swift (Apple’s development platform for iOS, macOS, watchOS, tvOS, and Linux), first copies a ‘README!.txt’ file, which contains the ransom message, into the user’s directories such as “Documents” and “Photos”. Then it generates a random 25-character string to use as the key to encrypt files. After encrypting each file, Filecoder appends the extension .crypt to the locked copy and deletes the original file.
Unfortunately, there is no decryption possible. Since this ransomware doesn’t have any code to communicate with a ‘Command and Control’ (C&C) center, there is no way for the encryption key to be sent to the threat actors, which makes providing a decryption tool impossible even if you pay the ransom. It is advised that victims never pay the ransom when hit by OSX/Filecoder.E ransomware.
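The on-disk traces described above (a ‘README!.txt’ note in user folders, files ending in .crypt, originals deleted) can be checked for during triage. The following is an added example, not code from the original post; the function names, result fields and sample tree are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "README!.txt"   # ransom note file name given in the article
LOCKED_EXT = ".crypt"       # extension the article says is appended to locked files

def scan_for_filecoder_traces(root):
    """Walk `root` and return one finding per directory that shows the described traces."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        names = set(filenames)
        locked = sorted(n for n in names if n.endswith(LOCKED_EXT) and n != LOCKED_EXT)
        # A locked file whose un-suffixed original is gone matches "encrypt, then delete".
        orphaned = [n for n in locked if n[:-len(LOCKED_EXT)] not in names]
        has_note = NOTE_NAME in names
        if has_note or orphaned:
            findings.append({
                "directory": dirpath,
                "ransom_note": has_note,
                "locked_files": locked,
                "originals_missing": orphaned,
            })
    return findings

def build_sample_tree(base):
    """Constructed sample data: one affected folder and one clean folder."""
    docs = Path(base, "Documents")
    docs.mkdir()
    (docs / NOTE_NAME).write_text("constructed placeholder note")
    (docs / "budget.xlsx.crypt").write_bytes(b"\x00" * 16)
    (docs / "notes.txt.crypt").write_bytes(b"\x00" * 16)
    (docs / "notes.txt").write_text("original still present")
    clean = Path(base, "Music")
    clean.mkdir()
    (clean / "song.mp3").write_bytes(b"\x00" * 16)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in scan_for_filecoder_traces(build_sample_tree(tmp)):
            print(f["directory"], "note:", f["ransom_note"],
                  "locked:", len(f["locked_files"]),
                  "originals missing:", len(f["originals_missing"]))
```

The .crypt extension and the note name are not unique to this family, so a hit is a triage lead to confirm against backups and file timestamps, not a verdict.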