Cryptonounce.com

Cybersecurity
    Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

By Admincrypt, January 6, 2023


    Jan 06, 2023Ravie LakshmananEndpoint Security / Cyber Threat


    Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems.

    “While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform,” the tech giant’s Security Threat Intelligence team said in a Thursday report.

    The initial vector for these ransomware families involves what the Windows maker calls “user-assisted methods,” wherein the victim downloads and installs trojanized applications.

Alternatively, the ransomware can arrive as a second-stage payload dropped by malware already present on the infected host, or as part of a supply chain attack.

Whatever the initial vector, the attacks proceed along similar lines: the threat actors rely on legitimate operating system features, and on exploiting vulnerabilities, to gain a foothold on the system and encrypt files of interest.

This includes the use of the Unix find utility as well as the C library functions opendir, readdir, and closedir to enumerate files. Another method touched on by Microsoft, but not adopted by these ransomware strains, is the NSFileManager Objective-C interface.
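To make the enumeration concrete, here is an added example of a recursive file walker built on the same POSIX opendir/readdir/closedir calls. It is written for this page and is not code from Microsoft's report or from any of the samples it describes; the target-extension list and the sample directory tree it builds under /tmp are constructed for illustration.

```c
/* Added example (not code from Microsoft's report or from any of the
 * malware samples it describes): recursive file enumeration built on the
 * POSIX opendir/readdir/closedir calls the report says these families use.
 * The extension list and the sample tree are constructed for illustration. */
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical "files of interest" list; real samples carry their own. */
static const char *kTargetExt[] = { ".doc", ".jpg", ".pdf", ".txt", NULL };

int has_target_ext(const char *name) {
    const char *dot = strrchr(name, '.');
    if (dot == NULL) return 0;
    for (int i = 0; kTargetExt[i] != NULL; i++)
        if (strcmp(dot, kTargetExt[i]) == 0) return 1;
    return 0;
}

typedef void (*file_cb)(const char *path, void *ctx);

/* Walk `root` depth-first. For every regular file with a target extension,
 * invoke cb (if non-NULL) and count it. Symlinks are not followed (lstat),
 * which also keeps the walk from looping on link cycles.
 * Returns the match count, or -1 if `root` cannot be opened. */
long walk(const char *root, file_cb cb, void *ctx) {
    DIR *dir = opendir(root);
    if (dir == NULL) return -1;

    long found = 0;
    struct dirent *ent;
    while ((ent = readdir(dir)) != NULL) {
        if (strcmp(ent->d_name, ".") == 0 || strcmp(ent->d_name, "..") == 0)
            continue;
        char path[PATH_MAX];
        if (snprintf(path, sizeof path, "%s/%s", root, ent->d_name) >= (int)sizeof path)
            continue;                      /* too long: skip rather than truncate */
        struct stat st;
        if (lstat(path, &st) != 0) continue;
        if (S_ISDIR(st.st_mode)) {
            long sub = walk(path, cb, ctx);
            if (sub > 0) found += sub;
        } else if (S_ISREG(st.st_mode) && has_target_ext(ent->d_name)) {
            if (cb != NULL) cb(path, ctx);
            found++;
        }
    }
    closedir(dir);
    return found;
}

static void create_empty(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
}

static void print_path(const char *path, void *ctx) {
    (void)ctx;
    printf("target: %s\n", path);
}

/* Build a constructed sample tree in a fresh temp dir, enumerate it, then
 * remove it. Three of the five files carry a target extension. */
long demo_count(void) {
    char root[] = "/tmp/walk-demo-XXXXXX";
    if (mkdtemp(root) == NULL) return -1;

    const char *dirs[]  = { "docs", NULL };
    const char *files[] = { "docs/report.pdf", "docs/todo.txt", "photo.jpg",
                            "tool.app", "docs/notes.md", NULL };
    char p[PATH_MAX];
    for (int i = 0; dirs[i]; i++) {
        snprintf(p, sizeof p, "%s/%s", root, dirs[i]);
        mkdir(p, 0700);
    }
    for (int i = 0; files[i]; i++) {
        snprintf(p, sizeof p, "%s/%s", root, files[i]);
        create_empty(p);
    }

    long n = walk(root, print_path, NULL);

    for (int i = 0; files[i]; i++) {
        snprintf(p, sizeof p, "%s/%s", root, files[i]);
        unlink(p);
    }
    for (int i = 0; dirs[i]; i++) {
        snprintf(p, sizeof p, "%s/%s", root, dirs[i]);
        rmdir(p);
    }
    rmdir(root);
    return n;
}

int main(void) {
    printf("matched %ld files\n", demo_count());
    return 0;
}
```

From the defender's side, this is why a burst of opendir/readdir activity across a user's home directory from an unsigned process, followed by writes to the same files, is a useful behavioural signal: the walk itself is indistinguishable from a backup tool, so detection has to key on what the process does next.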

KeRanger, MacRansom, and EvilQuest have also been observed using a combination of hardware- and software-based checks to determine whether they are running in a virtual environment, in an attempt to resist analysis and debugging.
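The shape of such a check, as an added example written for this page rather than code taken from KeRanger, MacRansom or EvilQuest: the decision is a pure function over two facts a macOS process can read with sysctl, the hardware model string (hw.model) and the logical CPU count (hw.logicalcpu). The marker strings and the thresholds are assumptions for illustration, not any sample's exact constants, and the live probe is compiled only on macOS so the decision logic can be exercised with constructed inputs anywhere.

```c
/* Added example (written from scratch, not taken from KeRanger, MacRansom
 * or EvilQuest): a hardware/software sandbox check. The decision is a pure
 * function so it can be tested with constructed inputs on any platform;
 * the sysctl probe itself is macOS-only. Markers and thresholds are
 * hypothetical. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <sys/sysctl.h>
#endif

/* Hypervisor vendor names that show up in hw.model / SMBIOS strings. */
static const char *kVmMarkers[] = { "VMware", "VirtualBox", "Parallels",
                                    "QEMU", "KVM", "Xen", NULL };

/* Portable case-insensitive substring test (strcasestr is not in C11). */
int contains_nocase(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0) return 1;
    for (const char *p = hay; *p; p++) {
        size_t i = 0;
        while (i < n && p[i] &&
               tolower((unsigned char)p[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return 1;
    }
    return 0;
}

/* 1 = looks virtualized/instrumented, 0 = looks like real Apple hardware.
 * Rules (assumptions for this example):
 *   - a hypervisor vendor name in the model string is a giveaway;
 *   - genuine Apple hardware reports a model containing "Mac";
 *   - a single logical CPU is typical of a minimally provisioned sandbox. */
int looks_like_vm(const char *hw_model, int logical_cpus) {
    if (hw_model == NULL || hw_model[0] == '\0') return 1;
    for (int i = 0; kVmMarkers[i]; i++)
        if (contains_nocase(hw_model, kVmMarkers[i])) return 1;
    if (!contains_nocase(hw_model, "Mac")) return 1;
    if (logical_cpus < 2) return 1;
    return 0;
}

/* Read the two facts from the live host. Returns looks_like_vm() on macOS,
 * or -1 ("unknown") elsewhere, where hw.model does not exist. */
int probe_host(void) {
#ifdef __APPLE__
    char model[128] = {0};
    size_t len = sizeof model;
    if (sysctlbyname("hw.model", model, &len, NULL, 0) != 0) return 1;
    int ncpu = 0;
    len = sizeof ncpu;
    if (sysctlbyname("hw.logicalcpu", &ncpu, &len, NULL, 0) != 0) return 1;
    return looks_like_vm(model, ncpu);
#else
    return -1;
#endif
}

int main(void) {
    printf("live host: %d\n", probe_host());
    printf("VMware7,1 / 4 cpus: %d\n", looks_like_vm("VMware7,1", 4));
    printf("MacBookPro16,1 / 8 cpus: %d\n", looks_like_vm("MacBookPro16,1", 8));
    return 0;
}
```

The practical consequence for analysts is that a detonation sandbox which reports a hypervisor model string or a single CPU will never see the payload run; the sandbox must present a plausible hw.model and CPU count, or the sample must be patched past the check. Note that a failed sysctl call is treated as "virtualized" here, the conservative choice from the malware author's point of view.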


KeRanger, notably, employs delayed execution to evade detection: it sleeps for three days after launch before starting its malicious routines, long enough to outlast most automated sandbox runs.

Persistence, which ensures the malware runs again after a system restart, is established by means of launch agents and kernel queues, Microsoft pointed out.

FileCoder uses the ZIP utility to encrypt files, whereas KeRanger uses AES in cipher block chaining (CBC) mode. MacRansom and EvilQuest likewise rely on a symmetric encryption algorithm.

EvilQuest, first documented in July 2020, goes beyond typical ransomware to incorporate trojan-like features such as keylogging, tampering with Mach-O files by injecting arbitrary code, and disabling security software.

It also packs in the ability to execute a file directly from memory, so the payload never has to be written to disk and leaves fewer forensic artifacts.

    “Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets,” Microsoft said.
