LockBit ransomware is now targeting Macs for the first time

The LockBit ransomware group has seemingly started to target macOS, following the discovery of the first malware build intended to infect Macs.

LockBit is a ransomware gang that has existed for a number of years, using malware to attack high-profile institutions such as the UK's Royal Mail and a Canadian hospital. Thought to be based in Russia, the organization has repeatedly used its malware to attack Windows and other platforms, but now it's going after macOS users.

Found by MalwareHunterTeam on Sunday, a build of a LockBit ransomware sample appears to be intended for Apple Silicon Macs. Described as "locker_Apple_M1_64," referencing the first wave of Apple's Mac chips, the build is believed to be the first LockBit ransomware sample in the wild aimed at modern Macs.

It is also thought to be the first time a major ransomware group took interest in creating a payload that attacks Apple hardware.

Unexpectedly, the M1_64 variant isn't the only non-Intel Apple-specific build to surface. One archive also contains ransomware builds made for PowerPC Macs.

While the existence of ransomware isn't necessarily a massive cause for alarm, especially on its first appearance, the operations of LockBit as a group make it a more serious situation.

As well as using it for their own needs, the group also provides access to its ransomware to other criminals willing to pay. With the prospect of others potentially using it, it stands to reason that there could be a lot of ransomware attacks against Macs in the near future.



13 Comments

GrannySmith99 2 Years · 59 comments

Interesting, but I think you'll find it was discovered by the 'MalwareHunterTeam', not Hunder.

DAalseth 6 Years · 3067 comments

Disturbing, but hey alternative Mac App Stores are on the way. What could possibly go wrong.

ssh 17 Years · 15 comments

This article raises a number of unanswered questions:

  1. What are the mechanics of the malware? What does it attempt to do in exchange for a ransom?
  2. Does it have mechanisms for avoiding controls like GateKeeper, xProtect, and the MIR? What are they?
  3. What is there about the M1 in particular that the malware attacks?

I suspect most of the answers to these and similar questions will show this malware to be of little threat. That said, it's possible there are vulnerabilities which need to be addressed, and if they are in the M1 itself, this may be difficult to do. Without details, it's difficult to assess.

This seems to be a common theme in these kinds of reports, though. What's the practical impact of this discovery?

mikethemartian 18 Years · 1493 comments

DAalseth said:
Disturbing, but hey alternative Mac App Stores are on the way. What could possibly go wrong.

You can already buy and install Mac software from third party sites.

neoncat 5 Years · 165 comments

DAalseth said:
Disturbing, but hey alternative Mac App Stores are on the way. What could possibly go wrong.

You can already buy and install Mac software from third party sites.

That and both the iOS and Mac App Stores have been found to host malware. It's not common, but it's possible and will continue to happen.

But hey, let's knee-jerk put our op sec in Apple's hands because reasons. No company, no one company, should be in charge of your security, because they will always act in their best interests, not yours. Including (and especially) Apple.