However, the emergence of macOS.NotLockBit signals that hackers are actively developing more sophisticated methods for targeting Apple devices.
macOS.NotLockBit functions similarly to other ransomware, but it specifically targets macOS systems.
Upon execution, the ransomware collects system information, including the product name, version, and architecture.
It also gathers data on how long the system has been running since its last reboot.
The malware employs a public key for asymmetric encryption, meaning decryption without the attacker's private key is nearly impossible.
The malware drops a README.txt file in directories containing encrypted files.
Thankfully, Apple's TCC protections remain a hard nut for macOS.NotLockBit to crack.
These safeguards require user consent before granting access to sensitive directories or allowing control over processes like System Events.
SentinelLabs identified multiple versions of the malware, suggesting that macOS.NotLockBit is still in active development.
Early samples appeared lighter in functionality, focusing solely on encryption.
Later versions added data exfiltration capabilities and began employing AWS S3 cloud storage to exfiltrate stolen files.
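
A defender-side sketch of the README.txt behaviour described above, added here as an example and not taken from SentinelLabs or the original article: it flags any process that creates README.txt in several distinct directories within a short window. The event tuples, thresholds and function name are assumptions; real input would come from an endpoint file-event source.

```python
import posixpath
from collections import defaultdict

# Constructed file-creation events: (epoch seconds, pid, process path, created file).
EVENTS = [
    (1000, 411, "/Users/alice/Downloads/updater", "/Users/alice/Documents/README.txt"),
    (1002, 411, "/Users/alice/Downloads/updater", "/Users/alice/Desktop/README.txt"),
    (1003, 411, "/Users/alice/Downloads/updater", "/Users/alice/Pictures/README.txt"),
    (1003, 411, "/Users/alice/Downloads/updater", "/Users/alice/Documents/taxes.pdf"),
    (1010, 520, "/usr/bin/git", "/Users/alice/src/project/README.txt"),
    (2000, 733, "/usr/bin/unzip", "/Users/alice/a/README.txt"),
    (2500, 733, "/usr/bin/unzip", "/Users/alice/b/README.txt"),
    (3000, 733, "/usr/bin/unzip", "/Users/alice/c/README.txt"),
]


def find_note_droppers(events, note_name="README.txt", min_dirs=3, window=60):
    """Return {(pid, process): [dirs]} for processes that created note_name
    in at least min_dirs distinct directories within window seconds.
    Thresholds are assumed starting points, not values from the article."""
    drops_by_proc = defaultdict(list)
    for ts, pid, proc, path in events:
        if posixpath.basename(path) == note_name:
            drops_by_proc[(pid, proc)].append((ts, posixpath.dirname(path)))

    hits = {}
    for key, drops in drops_by_proc.items():
        drops.sort()
        start = 0
        for end in range(len(drops)):
            # Shrink the window until it spans at most `window` seconds.
            while drops[end][0] - drops[start][0] > window:
                start += 1
            dirs = {d for _, d in drops[start:end + 1]}
            if len(dirs) >= min_dirs:
                hits[key] = sorted(dirs)
                break
    return hits


if __name__ == "__main__":
    for (pid, proc), dirs in find_note_droppers(EVENTS).items():
        print(f"pid {pid} ({proc}) dropped README.txt in {len(dirs)} directories: {dirs}")
```

A single README.txt from a normal tool, or the same file name spread over a long period, stays below the threshold; only the burst from one process is reported.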