Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS
2023-01-06 14:15

Microsoft has shed light on four different ransomware families - KeRanger, FileCoder, MacRansom, and EvilQuest - that are known to impact Apple macOS systems.

The initial vector for these ransomware families involves what the Windows maker calls "User-assisted methods," wherein the victim downloads and installs trojanized applications.

Another method touched on by Microsoft, but not adopted by the ransomware strains, entails the NSFileManager Objective-C interface.

Persistence, which is essential to ensuring that the malware is run even after a system restart, is established by means of launch agents and kernel queues, Microsoft pointed out.

EvilQuest, which was first exposed in July 2020, goes beyond typical ransomware by incorporating other trojan-like features, such as keylogging, compromising Mach-O files by injecting arbitrary code, and disabling security software.

"Ransomware continues to be one of the most prevalent and impactful threats affecting organizations, with attackers constantly evolving their techniques and expanding their tradecraft to cast a wider net of potential targets," Microsoft said.


News URL

https://thehackernews.com/2023/01/microsoft-reveals-tactics-used-by-4.html
