Attacks with the novel macOS.NotLockBit malware family — which Trend Micro researchers previously described to be from a different threat actor leveraging the identity of the LockBit ransomware gang — could present a significant ransomware threat against macOS devices, SC Media reports.
Aside from appropriating LockBit to raise its profile while evading law enforcement, threat actors behind macOS.NotLockBit have also established a fully developed infrastructure for data exfiltration and storage essential for massive attack campaigns, as well as leveraged asymmetric encryption that prevents unaided file decryption efforts, according to an analysis from SentinelOne SentinelLabs researchers.
While the payload has not yet been deployed in an active campaign, researchers also discovered evidence of continuous development. The newly emergent malware has been noted by Sectigo senior fellow Jason Soroko to be sophisticated due to its usage of an RSA 2048 public key-based master key encryption.
"NotLockBit seems to be designed to take advantage of people’s willingness to sometimes click through warning messages, specifically thrown by macOS transparency, consent, and control (TCC) framework," said Soroko.
