Security, 17.04.2023

Major ransomware campaign targets Mac devices

Cybersecurity researcher MalwareHunterTeam has discovered a ZIP archive on VirusTotal containing most of the available LockBit encryptors, including one targeting M1 Macs.

This is the first time the LockBit ransomware gang has built encryptors targeting Mac computers, and this is likely the first significant ransomware campaign to target macOS devices specifically.

“As much as I can tell, this is the first Apple’s Mac devices targeting build of LockBit ransomware sample seen… Also is this a first for the ‘big name’ gangs?” MalwareHunterTeam said on Twitter.

The archive found on VirusTotal includes a LockBit encryptor named “locker_Apple_M1_64” targeting new Macs running Apple’s in-house silicon.

It also contains encryptors targeting PowerPC CPUs, which were commonly used in older Macs.

Previously, the LockBit campaign used encryptors designed for Windows, Linux, and VMware ESXi servers.

However, the archive also features encryptors for macOS, ARM, FreeBSD, MIPS, and SPARC CPUs that were previously unknown.

Vx-Underground found an Apple M1 encryptor that has been in circulation since November 2022, meaning these samples have likely been around for some time.

“Lockbit ransomware group has created their first MacOS-based payload. We believe this is the first time a large ransomware threat group has developed a payload for Apple products,” it said.

“It appears we are late to the game. The MacOS variant has been available since November 11th, 2022.”

