A belief that has always been widespread on the web is that malware is an exclusively Windows problem, and that those who use macOS or Linux have little or nothing to worry about. The reality is that the vast majority of computers run the Microsoft system, which is why they are usually the main target of attacks.
However, there is no shortage of evidence that all systems are vulnerable. Now that ransomware is so fashionable and is beginning to be offered as a service (RaaS) in the darkest corners of the Dark Web, strains aimed at Apple computers have begun to appear.
Security researchers have discovered what may be the first portal on the Dark Net offering Ransomware-as-a-Service (RaaS) focused on the Mac. It consists of two websites that sell ransomware to any third-party cybercriminal, regardless of their technical knowledge.
The two sites look almost exactly the same. One is called MacSpy and offers “the most sophisticated spyware for Mac ever created, free.” The other is called “MacRansom” and makes the same claim, only offering ransomware instead of spyware.
To obtain either variant you have to contact the author of the portal, who sends a sample; they also offer “advanced” versions for a certain amount of Bitcoin. Fortinet obtained a sample of MacRansom and explains that a timer can be set at the request of the client who buys the ransomware, so that the encryption of the victim’s data is delayed until a chosen moment.
MacRansom does not appear to be very sophisticated, since it encrypts a maximum of 128 files. However, it is capable of rendering those files useless even if recovery tools are used. Once infected with MacRansom, the victim receives a demand for a given amount of Bitcoin and an email address to contact in order to decrypt their files.
The MacSpy variant was investigated by the AlienVault team, and although they note that it is not especially careful about hiding itself, it is still dangerous: it offers options to spy on the victim, including an installed keylogger, screenshot capture, and theft of files synchronized with iCloud.