Mac OS X SMS ransomware - hype or real threat?

Summary: In need of a fresh example that cybercriminals are actively looking for ways to monetize infected Mac OS X hosts? Early-stage discussions at several web forums, including a PoC, offer an insight into the potential to monetize OS X infected hosts using SMS-based ransomware.

In need of a fresh example that cybercriminals are actively looking for ways to monetize infected Mac OS X hosts?

Early-stage discussions at several web forums, including a PoC (proof of concept, source code included) Mac OS X blocker as well as potential GUIs for the ransomware, offer an insight into the potential to monetize OS X infected hosts using SMS-based ransomware.

Is Mac OS X ransomware just a hype, or a real threat? Let's take a brief retrospective of known OS X monetization strategies used by cybercriminals, discuss the ransomware threat on the Windows OS, and go through some pretty self-explanatory ransomware layouts for the OS X based ransomware.

What originally started as a complaint from a single user, who claimed to have been victimized by SMS-based ransomware on his Mac OS X, motivated others not just to come up with possible layouts for the OS X ransomware GUI, but also to release a proof-of-concept blocker.

In its current version, the PoC blocker doesn't extort money; instead, it demonstrates its ability to intercept all attempts to close down and exit the application, with the author and other participants commenting that "although it was built as a PoC, anyone can add additional features including auto-starting features, perhaps even spreading functionality".

Sadly, they are right. And while the attitude commonly shared by the people participating in the discussion is along the lines of "harmless joke having nothing to do with malware", ransomware is virtual extortion: the monetization of disrupting an end user's productivity. Another participant in the discussion is pretty straightforward about his ambitions, saying "Guys, we are ready. Looking forward to it".

Cybercriminals are no strangers to the Mac OS X ecosystem. From Mac OS X affiliate bounties offering 43 cents per infected Mac, the monetization of Mac OS X traffic, the use of pirated application releases, and good old-fashioned social engineering attempts in the form of fake codecs or missing plugins, Mac OS X malware is no longer a myth. Ransomware is perhaps the only segment of malicious software that hasn't been released for Mac OS X so far.

How widespread is the ransomware threat on the Windows OS? Pretty widespread. According to Fortinet's February Threatscape report:

  • Most notable was the number one chart-topping malware variant, HTML/Goldun.AXT, which works by disseminating a binary malware file that downloads the ransomware "Security Tool" and, once executed, locks up applications until a cleansing tool is purchased to restore the computer. While this example accounts for the majority of activity detected this period, the Security Tool ransomware was also distributed through SEO attacks as well.

As in every other malware segment, an epidemic of a particular threat is often triggered by the overall availability of DIY (do-it-yourself) tools, or of managed services allowing novice and would-be cybercriminals easy access to tools and DIY malware kits. Throughout 2009, the cybercrime ecosystem was actively developing the SMS-based ransomware market segment by persistently releasing new layouts and adding new features to the ransomware releases available for sale.

The laws of supply and demand fully apply within the cybercrime ecosystem. Therefore, it's only a matter of time before someone starts developing this malware segment, driven either by personal financial gain or by someone else's demand for such a malicious release.

What do you think? Is Mac OS X ransomware a real threat, or just hype, with cybercriminals basically experimenting in the short term?


About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threat intelligence data with the rest of the community.
