Historically, Apple enthusiasts had little cause for concern regarding malware threats, unlike their Windows-based counterparts.
Although malware targeting Apple devices pre-dates viruses written for PCs, and some families of malware have posed a significant threat to both platforms (e.g., Word macro viruses, which afflicted computers heavily from 1995 onwards), you are generally significantly less likely to encounter malware on your Mac than on your Windows PC.
However, this doesn’t mean that Mac users should be complacent. The discovery of a novel malware strain underscores the persistent threat posed by cyberattacks, highlighting the need for continued vigilance and robust defenses, regardless of scale or platform.
Researchers at SentinelOne have uncovered a novel malware strain, dubbed “NotLockBit”, which specifically targets macOS software, indicating a growing sophistication in cybercriminal tactics as they exploit users’ complacency regarding laptop security.
While initial suspicions suggested a connection to the notorious LockBit ransomware group, further analysis reveals that this threat actor is actually an imposter attempting to masquerade as LockBit.
Notably, the malicious actor behind NotLockBit resorts to a “false flag” tactic, deploying LockBit’s distinctive desktop wallpaper in an apparent attempt to deceive victims and security experts about its true origins.
NotLockBit allegedly presents itself as version 2.0, whereas LockBit 3.0 has already made its debut; meanwhile, core members of the LockBit collective have reportedly parted ways.
Earlier ransomware threats against macOS users were relatively rare.
The original LockBit ransomware group emerged last year, but due to its bugs and propensity to crash, it was initially regarded as a minor threat.
The newly discovered malware, analyzed by SentinelOne’s researchers, is a 64-bit x86 binary, designed to run exclusively on Intel-based Macs or those using Rosetta emulation.
According to security experts, NotLockBit appears to be “significantly improved,” with no reported victims or evidence of active distribution in the wild as yet.
If you were to encounter the NotLockBit malware on a Mac, it could attempt to exfiltrate data from your computer to Amazon Web Services (AWS) cloud storage buckets and encrypt the files on your Mac, appending a “.abcd” suffix to their names.
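The “.abcd” suffix described above gives defenders a simple behavioural signal: one process appending that suffix to many files in a short time. The following is an added example, not code from SentinelOne or from the original article; the log line format, the window and the threshold are assumptions chosen for illustration, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque

SUFFIX = ".abcd"  # suffix the article says NotLockBit appends to encrypted files
# Assumed (hypothetical) log format: "<epoch-seconds> pid=<pid> rename <old> -> <new>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) pid=(?P<pid>\d+) rename (?P<old>.+) -> (?P<new>.+)$")

def parse_events(lines):
    """Yield (ts, pid, old, new) for each rename line; ignore anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield float(m["ts"]), int(m["pid"]), m["old"], m["new"]

def abcd_rename_bursts(lines, window=10.0, threshold=5):
    """Return {pid: peak} for processes that appended SUFFIX to at least
    `threshold` files within some `window`-second span."""
    recent = defaultdict(deque)  # pid -> timestamps of matching renames in window
    peak = defaultdict(int)      # pid -> largest count seen in any window
    for ts, pid, old, new in sorted(parse_events(lines)):
        # Count only renames that keep the original name and append the suffix;
        # a lone file that happens to end in ".abcd" never reaches the threshold.
        if new != old + SUFFIX:
            continue
        q = recent[pid]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[pid] = max(peak[pid], len(q))
    return {pid: n for pid, n in peak.items() if n >= threshold}

# Constructed sample events (not from a real incident).
SAMPLE = [f"{100 + i * 0.5} pid=4242 rename /Users/a/Documents/f{i}.docx"
          f" -> /Users/a/Documents/f{i}.docx.abcd" for i in range(6)]
# Same suffix, but spread over two minutes: below the burst threshold.
SAMPLE += [f"{100 + i * 30} pid=777 rename /Users/a/old{i}.txt"
           f" -> /Users/a/old{i}.txt.abcd" for i in range(5)]
SAMPLE += ["101.0 pid=310 rename /Users/a/notes.txt -> /Users/a/notes.txt.bak",
           "unparseable line"]

if __name__ == "__main__":
    for pid, count in abcd_rename_bursts(SAMPLE).items():
        print(f"ALERT pid={pid}: {count} files renamed with {SUFFIX} in one window")
```

A burst alert of this kind is a late indicator, since files are already being encrypted when it fires, so it belongs alongside controls on outbound transfers to cloud storage rather than in place of them.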
The detection of this sophisticated ransomware variant has effectively mitigated its immediate threat, following its submission to VirusTotal by the attackers seeking to gauge its evasion capabilities.
Following the incident, the security team took swift action, effectively severing all access to the compromised AWS accounts involved in the data extraction process.
It’s unrealistic to think that no additional efforts will be made to tackle emerging Mac ransomware threats in the future, just as new variants will inevitably arise. Corporations that use Macs as employee workstations would be wise to implement robust security measures, so that these devices do not become the weak point through which a malicious actor compromises the organization’s overall security and potentially causes widespread harm.