LockBit ransomware group’s attempt to create a macOS version of their malware has been discovered by researchers. The malware is capable of encrypting files on Mac devices, but it does not seem to pose any real risk. Patrick Wardle, a security expert, has conducted an analysis of the macOS LockBit version and found that the current version of the malware cannot run on Mac devices due to macOS security measures such as TCC (Transparency, Consent, and Control). Furthermore, the analyzed malware sample was signed, but not with a trusted certificate, and has some bugs that can cause it to suddenly terminate when running on macOS. There is also evidence that much of the ransomware code was taken from a version designed to target Windows systems.
At this point in time, there is no known evidence that the LockBit ransomware group has deployed their macOS malware in the wild. While the group may be developing this piece of malware, its current version cannot cause any harm to Mac users. To protect themselves from any malicious ransomware attack, users should update their systems and keep their security software up to date.
Key points:
• LockBit ransomware group is attempting to create a macOS version of their malware
• The current version of the ransomware does not pose any real risk to Mac users
• The analyzed malware sample was signed, but not with a trusted certificate
• There is no known evidence that the ransomware has been deployed in the wild
• Mac users should update their systems and keep their security software up to date
