Forget the new MacBook Pro M4, hackers are targeting your old computer
bigrus

While the excitement over the launch of the latest MacBook Pro series with the new M4 chip continues, users of current hardware have been warned that hackers are targeting their older devices. Although it’s not something Apple fans want to hear, it looks like the ransomware threat to macOS is starting to move beyond fear, uncertainty, and doubt. Say hello to NotLockBit.

As MacBook Pro M4 Excitement Continues, Hackers Are Looking for Old Intel Hardware to Attack

A number of reports from different threat intelligence sources have highlighted the fact that macOS malware, specifically ransomware in this case, is on the radar of cyber attackers. Security researchers at Trend Micro were the first to sound the alarm that a group of threat actors had deployed a “fake LockBit” ransomware exploit that included macOS users in its crosshairs. This has now been followed by another report, this time by security researchers at SentinelOne, on the macOS.NotLockBit malware.

Interestingly, given that the focus of the media and Mac fans is on when Apple will start selling its latest M4-powered MacBook Pro hardware, NotLockBit is targeting users of older laptops. “The ransomware is written in Go and distributed as an x86_64 binary, which means it will only run on Intel Macs or Apple silicon Macs with Rosetta emulation software installed,” SentinelOne said. This doesn’t let new MacBook Pro users off completely, of course, but it does make for worrying reading if you’re still stuck with an Intel device.

SentinelOne researchers have warned that ransomware threats to macOS users so far have been, to be polite, proof-of-concept exploits rather than actual attacks or, if the latter, “insufficient to achieve their ostensible purpose.” You can feel a big “but” coming: the latest malware samples analyzed by SentinelOne show that threat actors are rapidly evolving the macOS ransomware model.

How Is NotLockBit Malware Attacking Intel MacBook Pro Users?

According to the SentinelOne intelligence report, NotLockBit ransomware collects system information after execution, reading the “System/Library/CoreServices/SystemVersion.plist” property list file to retrieve the product name, version, and build number. It also queries “sysctl hw.machine” to get system architecture data, and finally “sysctl kern.boottime” to find out the time since the device was last booted. SentinelOne warned that security researchers had found an embedded public key that enables asymmetric encryption, “making decryption impossible without access to the private key held by the attacker.” Like other modern ransomware, NotLockBit also attempts to exfiltrate user data to a remote server.
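The three lookups described above can be correlated in endpoint telemetry. The following is an added example, not code from SentinelOne or the original article; the event schema (ts, actor, type, path, argv), the 60-second window, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Discovery lookups the report attributes to NotLockBit after execution.
VERSION_PLIST = "System/Library/CoreServices/SystemVersion.plist"
SYSCTL_KEYS = {"hw.machine", "kern.boottime"}
ALL_LABELS = SYSCTL_KEYS | {"os_version"}

def labels_for(event):
    """Return the discovery labels (possibly none) that one event represents."""
    if event["type"] == "file_open" and event["path"].lstrip("/") == VERSION_PLIST:
        return {"os_version"}
    if event["type"] == "exec":
        argv = event["argv"]
        # Match sysctl by basename so /usr/sbin/sysctl and flags like -n still count.
        if argv and argv[0].rsplit("/", 1)[-1] == "sysctl":
            return SYSCTL_KEYS & set(argv[1:])
    return set()

def find_discovery_clusters(events, window=60):
    """Map each actor that made all three lookups within `window` seconds
    to the timestamp at which that cluster started."""
    seen = defaultdict(dict)  # actor -> {label: last timestamp seen}
    hits = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        actor = ev["actor"]
        for label in labels_for(ev):
            seen[actor][label] = ev["ts"]
        recent = {l: t for l, t in seen[actor].items() if ev["ts"] - t <= window}
        if set(recent) == ALL_LABELS and actor not in hits:
            hits[actor] = min(recent.values())
    return hits

# Constructed sample telemetry (hypothetical schema and process paths).
P = "/" + VERSION_PLIST
EVENTS = [
    {"ts": 100, "actor": "/Users/a/Downloads/updater", "type": "file_open", "path": P},
    {"ts": 101, "actor": "/Users/a/Downloads/updater", "type": "exec", "argv": ["sysctl", "hw.machine"]},
    {"ts": 103, "actor": "/Users/a/Downloads/updater", "type": "exec", "argv": ["/usr/sbin/sysctl", "-n", "kern.boottime"]},
    {"ts": 200, "actor": "/Applications/Example.app/helper", "type": "file_open", "path": P},
    {"ts": 201, "actor": "/Applications/Example.app/helper", "type": "exec", "argv": ["sysctl", "hw.machine"]},
    {"ts": 300, "actor": "/opt/tools/slow", "type": "file_open", "path": P},
    {"ts": 310, "actor": "/opt/tools/slow", "type": "exec", "argv": ["sysctl", "hw.machine"]},
    {"ts": 5000, "actor": "/opt/tools/slow", "type": "exec", "argv": ["sysctl", "kern.boottime"]},
]

if __name__ == "__main__":
    for actor, ts in find_discovery_clusters(EVENTS).items():
        print(f"review {actor}: all three discovery lookups starting at t={ts}")
```

Legitimate software also reads these values, so a hit is a triage signal to combine with other context, such as an x86_64-only Go binary running from a user-writable path, rather than a verdict.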

The good news is that the latest macOS ransomware threat is far from a done deal in terms of achieving its goals. In all versions of the NotLockBit malware analyzed by SentinelOne, the attack was blocked by the MacBook Pro’s Transparency, Consent, and Control protections. Apple says these protections, known as TCC, require all apps to obtain user permission before accessing files in Documents, Downloads, Desktop, iCloud Drive, and network volumes. “On macOS 10.13 or later, apps that require access to the entire storage device must be explicitly added to System Settings (macOS 13 or later) or System Preferences (macOS 12 or earlier),” Apple said. Additionally, accessibility and automation features require user permission to ensure they do not bypass other protections.

That said, SentinelOne noted that “bypassing TCC is reasonably trivial” and therefore expects future versions of the malware to include developments that counter the multiple alerts, all of which require user permission, as the malware “seeks to traverse certain directories and control processes such as System Events.”

Do MacBook Pro Users Need to Worry About Ransomware Right Now?

The truth of the matter is that every user of any computing device, regardless of the operating system on which it runs, should be aware of the threat from malware, including ransomware. MacBook Pro users are not immune from the risk of attacks, but mostly what prevails here is a massive phishing threat. The specific threat of ransomware to macOS users, however, seems both small and unlikely. “It’s clear that threat actors understand that the double whammy method that has worked so well on other platforms, essentially information stealers combined with file lockers, is just as valid on Apple’s desktop platform,” SentinelOne said. In fact, whether or not file encryption is successful, SentinelOne warned that threat actors could still exploit stolen data. NotLockBit has no known victims or known distribution methods in the wild. Threat actors will undoubtedly continue to develop malware, just as Apple continues to develop protections to mitigate it. MacBook Pro fans can get excited about the new M4-powered devices coming soon, but should keep an eye out for security threats, as everyone should.
