Thomas Reed from Malwarebytes Labs has published a blog on a new Mac ransomware — the first in four years and only the fourth ever.
“A Twitter user going by the handle @beatsballert messaged me yesterday after learning of an apparently malicious Little Snitch installer available for download on a Russian forum dedicated to sharing torrent links,” he writes. “A post offered a torrent download for Little Snitch, and was soon followed by a number of comments that the download included malware. In fact, we discovered that not only was it malware, but a new Mac ransomware variant spreading via piracy.
![](/wp-content/uploads/archive/B19820EB-0F87-41F4-A15B-68F9664C512C.png)
![](/wp-content/uploads/archive/B19820EB-0F87-41F4-A15B-68F9664C512C.png)
Analysis of this installer showed that there was definitely something strange going on.
“To start, the legitimate Little Snitch installer is attractively and professionally packaged, with a well-made custom installer that is properly code signed,” Reed writes. “However, this installer was a simple Apple installer package with a generic icon. Worse, the installer package was pointlessly distributed inside a disk image file.”
Read the entire blog post for details. Malwarebytes makes software designed to stop hackers and malware and clean up an infected machine.