
New Mac Ransomware Is Even More Sinister Than It Appears - fortran77
https://www.wired.com/story/new-mac-ransomware-thiefquest-evilquest/
======
saagarjha
> It's a good reminder to get your software from trustworthy sources, like
> developers whose code is "signed" by Apple to prove its legitimacy, or from
> Apple's App Store itself.

Just because an application is signed with a developer ID is little guarantee
that it’s trustworthy. And stuff from the App Store won’t hold your Mac up for
ransom, but fairly concerning software has slipped past review.

~~~
sschueller
Why is this a problem today and it wasn't one 10-20 years ago?

We didn't have walled gardens and we were fine. We had nasty viruses back then
too, even some that would cause physical damage to your hardware.

Where is the personal responsibility to make sure you have backups and not
install every crapware found on the web?

Are we going to require warning labels on your computers that can't be removed
like airbag labels on cars soon?

I don't want a large corporation deciding what I can install and what not.

~~~
user5994461
20 years ago there was no broadband. You'd have to buy software on a CD and
wait 3 weeks for it to arrive.

~~~
boomboomsubban
20 years ago was 2000, broadband was around and someone you knew had a CD
burner you could use.

~~~
lvturner
That entirely depended on your geographic location and socioeconomic status.

While the same is /still/ true it is less so now.

------
fulafel
Don't these kinds of frankenstein mashups of different malware components of
various quality occur pretty often, is there some reason the interviewees and
reporter imply this is a mystery? Or are all the components previously unseen?
If the latter, then it would warrant speculation of how the competently
implemented stack was burned by someone who didn't know how to set up the
monetization properly.

~~~
oefrha
> Don't these kinds of frankenstein mashups of different malware components of
> various quality occur pretty often

Yes.

> Or are all the components previously unseen?

Not really.

From TFA:

_"My current gut feeling about all of this is that someone basically was
designing a piece of Mac malware that would give them the ability to
completely remotely control an infected system. And then they also added some
ransomware capability as a way to make extra money."_

That basically described how ransomware was born, god knows how long ago.

IMO the better question is why the hell attackers targeting macOS haven't been
doing this until now (if we take their word for it).

> is there some reason the interviewees and reporter imply this is a mystery?

I suspect the reason is boring: they want to grab eyeballs.

~~~
kalium-xyz
> why the hell attackers targeting macOS haven't been doing this until now

AFAIK most companies which have business critical hardware that can't recover
from ransomware attacks don't run macOS

~~~
aphroz
Most probably run linux ;) I think that creators of ransomware try to target
the broader audience. The ROI is probably higher if you target Windows, as
it is probably running on 95% of the personal computers worldwide. Linux
servers have probably more valuable data, but better security and backups.
While I would be curious to know the percentage of Mac users who are
installing software from another source than the app store. I will go even
further, I am quite sure that a good percentage of Mac users never use any
other software than an internet browser.

~~~
bryanrasmussen
> I am quite sure that a good percentage of Mac users never use any other
> software than an internet browser.

That seems like a particularly expensive device for only internet browsing.

~~~
noisem4ker
I'm not sure why a reply disappeared here, but I feel like reaffirming its
late content:

> The strength of Apple products is to be perceived as a higher value thanks to
> design and marketing. People would buy a Gucci t-shirt for 300$, it's also
> particularly expensive for a t-shirt. At this point people don't buy the
> product for its intrinsic value, but for status and perceived value.

~~~
close04
While the brand always commands a premium (Gucci, Apple, etc.) the comparison
is unfair. Fashion is _all_ about image, not functionality so a Gucci t-shirt
is for all intents and purposes a regular t-shirt with a Gucci logo (or worse
[0]). In tech most companies do struggle to bring something all of their own.
Apple in particular does an above average job at this: dedicated OS, dedicated
CPUs, dedicated various other chips (like the T, W, U chips). Saying it's only
a logo is disingenuous.

[0] https://www.dailycal.org/2013/07/19/kanye-wests-ridiculously-expensive-plain-white-t-shirt-is-sadly-a-hot-item/

~~~
tkeAmarktinClss
Extremely debatable. There are uncountable negatives as an Apple consumer.

Sure you might have a few benefits, but you must deal with unavoidable pains
at every turn.

~~~
bryanrasmussen
I agree there are uncountable negatives as an Apple consumer, but I'm not sure
they are any greater in number than the uncountable negatives of being a
Windows consumer - and I kind of like Windows. Or for that matter if you're
not a developer the uncountable negatives of Ubuntu.

~~~
tkeAmarktinClss
Ubuntu server is flawless, you take that back :P

Ubuntu desktop... I tried multiple times across multiple decades, I've given
up.

Not sure what Windows issues exist outside licences disappearing upon
reformatting. But that's still exponentially cheaper to fix than any Apple
product.

~~~
bryanrasmussen
>Not sure what Windows issues exist outside licences

well, perhaps not for you and I guess not really, in my experience, for me,
but I have noticed that the population at large seems to suffer recurrent
damage related to some ancient decisions made regarding Windows security.

------
tkeAmarktinClss
Another security issue for a company that advertises its security and privacy
being useful for even the most uneducated user.

I know people talk about finance classes in schools, but I think we urgently
need marketing classes. Companies have entire departments learning how to
exploit your psychology and if you haven't seen the basics of marketing, you
are ripe for pickings.

~~~
jakemal
> For your Mac to become infected, you would need to torrent a compromised
> installer and then dismiss a series of warnings from Apple in order to run
> it

The people getting infected are the people that are knowingly bypassing all of
the security measures Apple put in place to protect the uneducated users.

~~~
easterncalculus
Those measures (and bypass methods) can be improved to more loudly tell the
user of what could happen, and the risks associated though. Them being there
doesn't mean they can't be improved. A ton of these malware types have come
out long after these messages were (possibly arbitrarily) designed and
written. I've heard of changes with Windows Defender in this respect (to more
accurately reflect current threats like ransomware) but I haven't heard of
Apple doing anything similar.

------
robotnikman
No surprise that ransomware makers are now shifting their focus to Mac OS
devices.

From my observations, most people who buy Macs tend to have good finances, and
are probably more likely to pay a ransom (and at a higher price) than most of
the people who use Windows or Chromebook users.

~~~
fortran77
And they've been lulled into a false sense of security.

------
bitdotdash
hmm

"My current gut feeling about all of this is that someone basically was
designing a piece of Mac malware that would give them the ability to
completely remotely control an infected system. And then they also added some
ransomware capability as a way to make extra money."

Honestly I kind of feel like the opposite is probably true. The ransomware is
the primary money maker and the backdoor stuff is there just in case there is
something interesting to extract if the main money play doesn't net you
anything.

