Skip to main content

The biggest cybercriminals on the internet are now targeting Macs

The cybercriminal gang LockBit has now set its sights on Apple products with the development of its first ransomware for Macs, according to 9to5 Mac.

The Security research group MalwareHunterTeam (via Brett Callow) recently discovered that LockBit appears to have developed a ransomware build that is compatible specifically with macOS. The never-before-seen ransomware might be a first for LockBit, as the gang typically develops on Windows, Linux, and virtual host machines, the publication added.

A stack of MacBooks is pictured from the top down.

The Mac-specific ransomware seems to target Apple Silicon Macs and is listed on the web under the build name locker_Apple_M1_64, according to researchers.

Another older Twitter account called vx-underground shows mention of the LockBit ransomware around November 2022, however, MalwareHunterTeam and other researchers note that there seems to be no real indication of the existence of locker_Apple_M1_64 until nowThis current account might be the first public notice that Apple devices are at risk of being affected by ransomware. The research group notes that now that news of the ransomware is out in the open, Macs might be more susceptible to cyberattacks.

LockBit is a notoriously powerful gang on the web, and is known by security analysts as a Russian-based group. Even so, the group leader is believed to operate out of the U.S. or China. The cybercriminal gang is a ransomware-as-a-service (RaaS) operation that allows others to purchase their nefarious products for their own unsavory tasks, 9to5 Mac noted.

Not a single person I can find tweeted LockBit has a Mac targeting version before I did above yesterday, nor can find any blog posts mentioning it, etc. So even if the gang had the first build in 2022 November, for public, this is not late at all, but even yet, seems the first…

— MalwareHunterTeam (@malwrhunterteam) April 16, 2023

The group is already known for its custom ransomware exfiltration tool called StealBIT, and is also known for quickly updating and preparing its infrastructure to keep on top of the cybercriminal food chain, Kaspersky’s Global Research senior security researcher Dmitry Galov said in a statement last year.

Expanding its reach to Apple products might just be an indication of how powerful the ransomware group has become.

Jon DiMaggio from Analyst1 similarly told Wired earlier this year that LockBit’s leader treats the RaaS group very much like a business, with point-and-click access, frequent updates, concern about user feedback, and frequent recruitment from rival gangs to maintain the quality of the ransomware.

Editors' Recommendations

Fionna Agomuoh
Fionna Agomuoh is a technology journalist with over a decade of experience writing about various consumer electronics topics…
FBI disables Russian malware operation targeting foreign governments
An Illustration shows a programmer busy with a laptop and several monitors.

The FBI says it has disrupted a long-running malware operation that allowed Russian spies to steal sensitive information from numerous countries, including NASA-member governments, prominent journalists, and other targets deemed to be of interest to the Russian government.

The court-authorized operation, codenamed MEDUSA, disrupted a global peer-to-peer network of computers compromised by sophisticated malware called “Snake,” described by the U.S. Department of Justice (DOJ) as the "premier cyberespionage malware" of Russia's Federal Security Service (FSB). Officials said the malware was knocked offline at the start of this week.

Read more
Why Apple’s next MacBook already feels like a disappointment
The keyboard of the MacBook Air.

It's been an exciting couple of years of new Mac releases.

Last year we got the redesigned M2 MacBook Air. The year before that was the M1 Max MacBook Pro. And this year? Rumor is we're getting a 15-inch MacBook Air. That's right -- yet another MacBook for the lineup.

Read more
This macOS concept fixes both the Touch Bar and Dynamic Island
Concept of macOS dynamic dock.

What if your macOS dock behaved more fluidly, dynamically morphing to show background processes such as download progress, media controls, text messages, and so on?

The following concepts demonstrate "what if" macOS and iOS Live Activities got together and had a child, and they have certainly got my imagination going.

Read more