BitPaymer Ransomware attack on Apple iTunes Windows

All those who are using Apple iTunes on Windows systems are hereby alerted that their computer systems are vulnerable to zero-day iTunes flaw which allows hackers to bypass the anti-virus protection and encrypt their files with malware.

Cybersecurity firm named Morphisec was the first to detect this flaw in August this year when security researchers from the firm were hired to clean up a database related to an automobile industry hit by BitPaymer ransomware. It was later revealed in the probe that the file-encrypting malware reached the network through a zero-day flaw on Bonjour updater of iTunes downloaded onto Windows Machines.

Technically, hackers are seen launching Bonjour component on iTunes, hijack its execution path and then divert it to the servers hosting BitPaymer Ransomware.

What’s more, apprehending about the incident is that the Bonjour component remains installed on Windows machines even after the iTunes or iCloud app is removed from the system. So, users who uninstalled iTunes from their respective Windows machines on a previous note are still reported to vulnerable to the ransomware attacks.

Therefore, what’s the solution…?

The only way to get out of the situation is to urge system administrators to scan workstations for the Bonjour Component and remove it on a manual note. Or just simply install the latest version of iTunes which erases or rewrites all previous files.

Note 1- For those using macOS Catalina, this ransomware attack alert doesn’t apply.

Note 2- Apple patches the vulnerability on Oct 7th of this year.

Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display