The cybercriminal gang LockBit has now set its sights on Apple products with the development of its first ransomware for Macs, according to 9to5 Mac.
The Security research group MalwareHunterTeam (via Brett Callow) recently discovered that LockBit appears to have developed a ransomware build that is compatible specifically with macOS. The never-before-seen ransomware might be a first for LockBit, as the gang typically develops on Windows, Linux, and virtual host machines, the publication added.
The Mac-specific ransomware seems to target Apple Silicon Macs and is listed on the web under the build name locker_Apple_M1_64, according to researchers.
Another older Twitter account called vx-underground shows mention of the LockBit ransomware around November 2022, however, MalwareHunterTeam and other researchers note that there seems to be no real indication of the existence of locker_Apple_M1_64 until now. This current account might be the first public notice that Apple devices are at risk of being affected by ransomware. The research group notes that now that news of the ransomware is out in the open, Macs might be more susceptible to cyberattacks.
LockBit is a notoriously powerful gang on the web, and is known by security analysts as a Russian-based group. Even so, the group leader is believed to operate out of the U.S. or China. The cybercriminal gang is a ransomware-as-a-service (RaaS) operation that allows others to purchase their nefarious products for their own unsavory tasks, 9to5 Mac noted.
Not a single person I can find tweeted LockBit has a Mac targeting version before I did above yesterday, nor can find any blog posts mentioning it, etc. So even if the gang had the first build in 2022 November, for public, this is not late at all, but even yet, seems the first… pic.twitter.com/4iR71cuLpo
— MalwareHunterTeam (@malwrhunterteam) April 16, 2023
The group is already known for its custom ransomware exfiltration tool called StealBIT, and is also known for quickly updating and preparing its infrastructure to keep on top of the cybercriminal food chain, Kaspersky’s Global Research senior security researcher Dmitry Galov said in a statement last year.
Expanding its reach to Apple products might just be an indication of how powerful the ransomware group has become.
Jon DiMaggio from Analyst1 similarly told Wired earlier this year that LockBit’s leader treats the RaaS group very much like a business, with point-and-click access, frequent updates, concern about user feedback, and frequent recruitment from rival gangs to maintain the quality of the ransomware.
