Microsoft has recently revealed information on four different ransomware families (KeRanger, FileCoder, MacRansom, and EvilQuest) that are apparently impacting Apple macOS systems.
These ransomware families first spread through what the Windows maker refers to as “user-assisted methods,” in which the victim downloads and installs trojanized software.
Alternatively, the ransomware may arrive as part of a supply chain attack payload or as a second-stage payload delivered by malware already present on the attacked host.
“While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform,” said the tech giant’s Security Threat Intelligence team, in a Thursday report.
Regardless of the attack approach used, the attacks follow a similar pattern in which threat actors use legitimate operating system features and vulnerabilities to gain access to the computers and encrypt important documents.
This includes the use of the Unix operating system, along with library functions like opendir, readdir, and closedir, to enumerate files. Microsoft also mentioned another approach that the ransomware strains did not use: the NSFileManager Objective-C interface.
In an attempt to thwart analysis and debugging efforts, malware such as KeRanger, MacRansom, and EvilQuest has also been seen employing a combination of hardware- and software-based checks to establish whether the
[…]