Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
Microsoft has shed light on four different ransomware families - KeRanger, FileCoder, MacRansom, and EvilQuest - that are known to impact Apple macOS systems.
The initial vector for these ransomware families involves what the Windows maker calls "User-assisted methods," wherein the victim downloads and installs trojanized applications.
Another method touched on by Microsoft, but not adopted by the ransomware strains, entails the NSFileManager Objective-C interface.
Persistence, which is essential to ensuring that the malware is run even after a system restart, is established by means of launch agents and kernel queues, Microsoft pointed out.
EvilQuest, which was first exposed in July 2020, further goes beyond typical ransomware to incorporate other trojan-like features, such as keylogging, compromising Mach-O files by injecting arbitrary code, and disabling security software.
"Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets," Microsoft said.
News URL
https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html