
Association-anemone


Forget the new MacBook Pro M4, hackers are targeting the old one
asane

As the excitement surrounding the release of the latest range of MacBook Pros with the new M4 chip mounts, users of existing hardware have been warned that hackers are targeting their older devices. While it’s not something Apple fans will want to hear, it seems the ransomware threat to macOS has started to become more than just fear, uncertainty and doubt. Say hello to NotLockBit.


As the MacBook Pro M4 hype continues, hackers are looking to attack older Intel hardware

A number of reports from various threat intelligence sources have highlighted that macOS malware, specifically ransomware in this case, is firmly on the radar of cyber attackers. Security researchers at Trend Micro were the first to sound the alarm about a group of threat actors deploying a “fake LockBit” ransomware exploit that included macOS users in its sights. This has now been followed by another report, this time by security researchers with SentinelOne, detailing how macOS.NotLockBit malware is deployed.

Interestingly, with the focus of the media and Mac fans alike on when Apple will start selling the latest M4-powered MacBook Pro hardware, NotLockBit is targeting users of older laptops. “The ransomware is written in Go and distributed as an x86_64 binary, which means it will only run on Intel Macs or Apple silicon Macs with the Rosetta emulation software installed,” SentinelOne said. Which doesn’t leave the new MacBook Pros completely out of the loop, of course, but it makes for worrying reading if you’re still stuck on an Intel device.

So far, ransomware threats to macOS users have been, to be polite, proof-of-concept exploits rather than actual ones or, if the latter, “incapable of succeeding in their apparent purpose,” according to the SentinelOne researchers. You can feel a “but” coming. But the latest malware samples analyzed by SentinelOne suggest that threat actors are rapidly evolving the macOS ransomware model.

How NotLockBit Malware Attacks Intel MacBook Pro Users

According to the SentinelOne intelligence report, the NotLockBit ransomware gathers system information at runtime by reading the property list file “/System/Library/CoreServices/SystemVersion.plist” to retrieve the product name, version, and build number. It also queries “sysctl hw.machine” to get system architecture data and finally “sysctl kern.boottime” for the time since the device was last booted. Security researchers discovered an embedded public key that enables the potential for asymmetric encryption, “making decryption impossible,” SentinelOne warned, “without access to the private key held by the attacker.” As is typical of modern ransomware, NotLockBit attempts to exfiltrate user data to a remote server.
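Each of the three lookups described above is common on its own, so a detection is only useful when it correlates them per process. The sketch below is an added example, not SentinelOne's detection logic; the event tuple format, the 30-second window, and the sample events are constructed assumptions.

```python
# Indicators named in the report: the version plist and the two sysctl keys.
INDICATORS = {
    "version_plist": "/System/Library/CoreServices/SystemVersion.plist",
    "arch_query": "hw.machine",
    "boot_query": "kern.boottime",
}

def find_recon(events, window=30):
    """Return {process_path: timestamp} for processes that touched all three
    indicators within `window` seconds.

    `events` is an iterable of (timestamp_seconds, process_path, detail)
    tuples, a hypothetical normalised form of endpoint file/sysctl telemetry.
    """
    last_seen = {}   # process_path -> {indicator name: last timestamp}
    hits = {}
    for ts, proc, detail in sorted(events):
        for name, needle in INDICATORS.items():
            if needle not in detail:
                continue
            seen = last_seen.setdefault(proc, {})
            seen[name] = ts
            # All three present, and the oldest of them is still in the window.
            if len(seen) == len(INDICATORS) and ts - min(seen.values()) <= window:
                hits.setdefault(proc, ts)
    return hits

# Constructed sample telemetry (not from a real incident).
SAMPLE_EVENTS = [
    (100, "/Users/test/Downloads/sample_x86",
     "open /System/Library/CoreServices/SystemVersion.plist"),
    (101, "/Users/test/Downloads/sample_x86", "sysctl hw.machine"),
    (102, "/Users/test/Downloads/sample_x86", "sysctl kern.boottime"),
    # Benign: reads only the version plist.
    (105, "/usr/bin/sw_vers",
     "open /System/Library/CoreServices/SystemVersion.plist"),
    # Same three lookups, but spread over several minutes: not flagged.
    (0, "/Applications/Updater.app/Contents/MacOS/Updater",
     "open /System/Library/CoreServices/SystemVersion.plist"),
    (500, "/Applications/Updater.app/Contents/MacOS/Updater", "sysctl hw.machine"),
    (501, "/Applications/Updater.app/Contents/MacOS/Updater", "sysctl kern.boottime"),
]

if __name__ == "__main__":
    for proc, ts in find_recon(SAMPLE_EVENTS).items():
        print(f"t={ts}: {proc} performed all three system-profiling lookups")
```

A hit is a triage signal rather than a verdict; combining it with the process's signing status and origin (for example, an unsigned binary under a user's Downloads folder) reduces false positives.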


The good news is that the latest macOS ransomware threat is far from a done deal in terms of achieving its goals. In all versions of the NotLockBit malware analyzed by SentinelOne, the attack was prevented by the MacBook Pro’s Transparency, Consent and Control protections. Apple says these protections, known as TCC, require all apps to obtain user consent before accessing files in Documents, Downloads, Desktop, iCloud Drive, and network volumes. “In macOS 10.13 or later, apps that require access to the full storage device must be explicitly added in System Settings (macOS 13 or later) or System Preferences (macOS 12 or earlier),” Apple said. Additionally, accessibility and automation capabilities require user permission to ensure they don’t circumvent other protections.

Having said that, according to SentinelOne, “circumventing TCC is pretty trivial,” so it said it expects future versions of the malware to evolve to counter the multiple alerts, all of which require user consent, as the malware “tries to traverse certain directories and control processes, such as System Events.”

Do MacBook Pro users need to worry about ransomware right now?

The truth of the matter is that every user of any computing device, regardless of the operating system it runs on, needs to be aware of the threat posed by malware, including ransomware. MacBook Pro users are not exempt from the risk of attack, but for the most part phishing dominates here. However, the specific ransomware threat to macOS users remains both small and unlikely. “It’s clear that threat actors have understood that the double extortion method that works so well on other platforms,” SentinelOne said, “essentially information stealers combining with file locks, is just as viable on Apple’s desktop platform.” Indeed, regardless of whether the file encryption succeeds or not, SentinelOne warned that threat actors can still benefit from the stolen data. There are no known victims of NotLockBit and no distribution methods that have been exploited in the wild. Threat actors will undoubtedly continue to develop malware, just as Apple will continue to evolve protections to mitigate it. I’d say MacBook Pro fans are excited about the new M4 devices coming soon, but with an eye open to security threats as everyone should be.
