Circulating through torrent sites and first found on a Russian forum, the malware installer camouflages itself as an installer for the legitimate Little Snitch app. Popular among torrenters, Little Snitch lets users monitor and filter network traffic so they can prevent or allow others to connect to networks using advanced rules.
MacBook Air vs MacBook Pro: Which MacBook Should You Buy?Best MacBook in 2020: Apple laptop reviews and ratingsMacBook Pro (13-inch, 2020) Review
Mac users attempting to download the app need to be extra careful about what link they use as the wrong one could lead to a ransomware attack. As Malwarebytes Labs (opens in new tab) notes, it can be difficult to tell real from fake as the faux installer is “attractively and professionally packaged, with a well-made custom installer that is properly code signed.” The malicious app would download the legitimate Little Snitch installer along with a nasty script used to load malware. Fortunately, the hidden attack isn’t particularly effective. As Malwarebytes Labs learned, the malware installs but “the attempt to run the Little Snitch installer got hung up indefinitely, until I eventually forced it to quit.” Also, the malware failed to encrypt anything even after it was running for a long time and fed decoy documents as bait. Eventually, the malware would infect your Mac and spread its way throughout your hard drive. However, during Malwarebytes Labs’ experiment, it only started to encrypt files after a number of settings were intentionally changed to encourage malicious behavior. And once it got going, the malware “wasn’t particularly smart about what files it encrypted” and it failed to send a ransomware request.
How to protect your MacBook
As Malwarebytes Labs points out, the best way to avoid having your data stolen is by creating backups. Once you have a backup, you can erase your hard drive and restore it. “Keep at least two backup copies of all important data, and at least one should not be kept attached to your Mac at all times. (Ransomware may try to encrypt or damage backups on connected drives.)” Being careful about what links you press is another surefire way to avoid malware. Only download programs from legitimate websites — never go through a forum or use a link from someone you don’t know. This is a good time to recommend anti-virus software. Malwarebytes for Mac will detect and remove this particular attack.