Security experts have discovered that the LockBit ransomware group has developed malware targeting macOS. This is believed to be the first major ransomware operation aimed at Mac users. MalwareHunterTeam, a researcher, first noticed the new malware in a ZIP archive on VirusTotal. The archive contained ransomware for Windows, Linux, VMware ESXi, macOS, ARM, FreeBSD, MIPS, and SPARC.
The archive contained a sample named locker_Apple_M1_64, which targets new Macs running on Apple Silicon, as well as PowerPC malware for older Macs. Strings in the Apple M1 malware suggest that it was intended for testing, not for use in real attacks. macOS security specialist Patrick Wardle believes the ransomware is still under development or testing, as it lacks the functions necessary to properly encrypt Mac computers.
Wardle’s report states that the macOS malware appears to be based on the Linux version and compiled for macOS with basic settings. When run on macOS, the ransomware generally fails due to a buffer overflow error. It is unclear how useful the macOS malware would be to attackers targeting businesses. However, some of LockBit’s “partners” are targeting consumers and small businesses, where such malware could be of great use.
A representative of the LockBit group confirmed that the ransomware for Mac was being “actively developed”, but did not provide any details.