Two pieces of Mac malware – MacRansom and MacSpy – that seem to be created by the same developer are being offered for sale through two separate dark web portals.
Both MacSpy and MacRansom showed up on a cybercrime forum late last month, and appear to have been created by the same author, according to Bleeping Computer.
With MacRansom, the malware creator seems to be starting a “ransomware as a service” business in which he creates malware, then franchises it out to budding online crooks who do the actual distribution and infection of victim machines. The creator gets a 30 percent cut of all revenue earned in exchange for keeping the malware running properly.
Victims infected by MacRansom will have a maximum of 128 files encrypted, and will see a ransom note that they have one week to “buy” decryption software from the ransomware creator for 0.25 bitcoins, about $700 at current exchange rates. After seven days, the note says, the victim’s decryption key “will be automatically removed from our server” and the files forever lost.
MacSpy comes in two versions: a free basic one and an advanced one that costs an unknown amount of bitcoins. The basic captures screenshots, logs keystrokes, records audio, steals photos, retrieves clipboard contents, steals browsing histories and download data, and communicates via Tor. The advanced version offers the retrieval of any files and data from the target computer, can encrypt the user directory, allows access to email and social networking accounts, and more.