When it comes to malicious software like ransomware, Mac users are usually adamant that their systems are “virus-safe”. That’s a common misconception. Today, a new ransomware targeting macOS has come to light. The ransomware disguises itself as an installer for Little Snitch and has been spotted on torrent websites. For the unaware, Little Snitch is a popular firewall app for the Mac.
A report from Malwarebytes sheds light on the ransomware and its behavior. Fortunately, the malware isn’t very sophisticated or well designed. Malwarebytes’ Thomas Reed installed the malware on his system to observe how it works. He noted “the attempt to run the Little Snitch installer got hung up indefinitely, until I eventually forced it to quit.”
To get the malware to actually encrypt any files, Reed had to adjust his system clock three days ahead. Also, he had to disconnect from his network and restart his system multiple times.
Reed also notes that the malware did a poor job of showing up the payment screen that asks victims to pay a ransom in exchange for their files. “Although others have reported that a file is created with instructions on paying the ransom, as well as an alert shown, and even text-to-speech used to inform the user they have been infected with ransomware, I was unable to duplicate any of these, despite waiting quite a while for the ransomware to finish”, says Reed.