Ransomware.MacOS.FileCoder.A


Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 2
First Seen: January 25, 2021
Last Seen: December 29, 2022

Ransomware for Mac computers is less common than the widespread file-encrypting malware that attacks the Windows operating system. Yet, at the end of 2020, a malware threat for macOS named Ransomware.MacOS.FileCoder.A was detected. Once installed on a device, FileCoder encrypts important files in the most popular formats and makes them inaccessible to the user. The threat actors then ask victims to pay a ransom to get the data back. A ransom note appears as a text file or as wallpaper and demands that the user pay 0.25 BTC to the attackers' Bitcoin address. Dealing with cybercriminals is never a good idea, though, as they often do not send a decryption tool after receiving the ransom.

Ransomware.MacOS.FileCoder.A probably creates unique strings in the /Users directory and, besides locking up documents, videos, images, and other types of valuable files, also claims to encrypt data stored in the cloud and on external devices. Unfortunately, encrypted data is very often recoverable only from backups. After that, the macOS device can be cleaned with a trusted anti-malware program.

Researchers think that Ransomware.MacOS.FileCoder.A may also have some Trojan-like capabilities, including:

  • Installing additional malware
  • Copying itself on the computer
  • Collecting keystrokes
  • Extracting saved passwords and important files

Reports indicate that Ransomware.MacOS.FileCoder.A typically spreads through bundled kits containing application cracks or patches that let the user make unlicensed software copies appear licensed. As soon as the bogus crack is opened, it pretends to activate the program and asks the user to follow the instructions while the malware runs its encryption routine in the background. Other distribution channels are spam emails with infected attachments and corrupted links that lead to shady websites.

