March 7, 2016
How to Keep Your Mac Safe from Malware
It’s long been rumored that Mac computers were safer from malware than PCs.
The truth of the matter, though, is Windows machines have typically been more widely used than Macs, so they have been more targeted for attacks and viruses.
As Apple devices have become more widely used, they are now in the sights of malware creators. This weekend, news erupted of a new malware threat against Macs, a ransomware program called KeRanger. The malware was discovered by security firm Palo Alto Networks.
Any Mac user who downloaded the Transmission BitTorrent client installer for OS X may be infected. Here are ways to tell if your Mac has been hit (from Palo Alto Networks):
The virus encrypts certain types of document and data files on a Mac machine. It asks victims to pay exactly one bitcoin (currently around $400) through a specific Tor network website to decrypt the files.
How to Find the Virus and Remove It
Using either Terminal or Finder, check whether /Applications/Transmission.app/Contents/Resources/General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf exist. If any of these exist, the Transmission application is infected. Delete this version of Transmission.
Using “Activity Monitor” pre-installed in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users/<username>/Library/kernel_service” (Figure 12). If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit.”
After these steps, users should check whether the files “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” exist in the ~/Library directory. If so, delete them.
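The three checks above can also be run from Terminal as one script. This is an added example, not code from Palo Alto Networks or from the original post; the function names and the ROOT argument (a path prefix that lets the check run against a test directory) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: looks for the KeRanger indicators listed in the steps above.
#
# keranger_check ROOT HOME_DIR
#   ROOT      prefix prepended to the absolute bundle paths: "" on a live Mac,
#             a scratch directory when testing (hypothetical parameter).
#   HOME_DIR  home directory whose Library folder is inspected.
# Prints one line per indicator found. Returns 1 if any was found, 0 if none.
keranger_check() {
    root=$1
    home=$2
    found=0

    # Step 1: General.rtf inside either copy of the Transmission bundle.
    for app in /Applications/Transmission.app \
               /Volumes/Transmission/Transmission.app; do
        f="$root$app/Contents/Resources/General.rtf"
        if [ -e "$f" ]; then
            echo "INFECTED BUNDLE: $f"
            found=1
        fi
    done

    # Step 3: files KeRanger leaves in ~/Library.
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        f="$home/Library/$name"
        if [ -e "$f" ]; then
            echo "LEFTOVER FILE: $f"
            found=1
        fi
    done

    return "$found"
}

# Step 2: succeeds (exit status 0) if a process named exactly
# kernel_service is currently running.
keranger_process_running() {
    pgrep -x kernel_service >/dev/null 2>&1
}

# Usage on a live system:
#   keranger_check "" "$HOME"
#   keranger_process_running && echo "kernel_service is running"
```

The script only reports what it finds; deleting the files and force-quitting the process remain manual steps, as described above.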
A Few Other Safety Tips
You greatly increase the chance of a malware infection by downloading BitTorrent clients or “free” multimedia files, such as videos and music, and by accessing adult websites.
The best ways to protect your computer from infection are to minimize visits to the aforementioned sites and to install an antivirus such as Malwarebytes or Kaspersky.
Additionally, ensure you use strong passwords on both your home Wi-Fi router and any websites you regularly access via a desktop computer or mobile device. Whenever available, opt to use two-factor authentication for logging into an app or website.