Malicious code infecting some Mac computers requires users to pay 1 bitcoin to release hostage data.
The bane of “ransomware” used by hackers to hold data hostage was expected to begin striking a small number of Mac computers on Monday.
Researchers at U.S. computer security firm Palo Alto Networks said that they alerted Apple over the weekend to the discovery of malicious code they named “KeRanger” crafted to infect Mac computers and deny people access to their own pictures, documents and other digital data until money is paid.
“We believe KeRanger is the first fully functional ransomware on the OS X platform,” Palo Alto Networks said in a blog post, referring to the operating software that powers Mac computers. Hackers got KeRanger into Mac machines by infecting the open-source program Transmission, which is used to transfer files at a file-sharing network, according to the researchers who say they caught onto the attack shortly after it began on Friday.
Palo Alto Networks over the weekend alerted Apple, which pulled a “certificate” that allowed the infected application to be installed on computers, researchers said. If a Mac user tries to open a known infected version of Transmission, a warning message appears on screen advising people what steps to take to avoid infection.
Quick defensive actions were believed to have greatly limited the number of Macs infected. KeRanger was built to wait three days before activating, meaning that it would begin striking on Monday. Infected users find their data encrypted, which is followed by a demand they pay 1 bitcoin to regain access to the files.
Ransomware has tormented users of Windows-powered computers for years but this is a first for computers powered by Apple software. The malicious code encrypts digital data, with access only restored if victims pay ransoms.
Apple did not immediately respond to requests for comment.