LockBit starts targeting Apple devices


A prominent cybercrime gang can apparently encrypt data on devices operating the macOS operating system used exclusively for Apple devices.

The development was first observed by the cybersecurity analyst MalwareHunterTeam on Twitter over the weekend.

ADVERTISEMENT

“As much as I can tell, this is the first AppleMac-devices-targeting build of LockBit ransomware sample seen,” said MalwareHunterTeam.

Another security pundit on Twitter, vx-underground, said the macOS payload might have been available for at least a couple of months as at the time of writing.

“It appears we are late to the game. The MacOS variant has been available since November 11th, 2022,” it tweeted.

According to the dark-web monitoring platform, DarkFeed, LockBit is the most active ransomware gang, with a total of 1,639 victims and counting.

However, multiple experts cautiously agree that the macOS payload was riddled with bugs and therefore wasn’t too dangerous for the time being.

“We’ll tear apart the sample, showing that ultimately, while yes it can indeed run on Apple Silicon, that is basically the extent of its impact. Thus macOS users have nothing to worry about … for now!” security analyst Patrick Wardle said.

He said that the average user was “unlikely to be impacted by this LockBit macOS sample.” But he added: “Still, the fact that a large ransomware gang has apparently set its sights on macOS should give us pause for concern.”

Wardle said he hoped that the incident would lead to more indepth “conversions about detecting and preventing” this and future similar examples of such malware.

ADVERTISEMENT