Are you a Windows iTunes user?
If so, you should upgrade iTunes immediately or run the risk of being infected with the BitPaymer ransomware strain.
The group controlling the software has been spotted using a zero-day exploit in iTunes for Windows, which allows them to bypass antivirus detection schemes entirely.
The good news is that Apple responded quickly to the flaw’s discovery and has already patched the zero-day out of existence in both iTunes for Windows and iCloud for Windows. The bug itself resided in the Bonjour updater component that ships with both products. The hackers discovered that by abusing the “unquoted service path” vulnerability, they could launch Bonjour then hijack the execution path, pointing it to the BitPaymer executable instead.
While the bug did not grant the hackers admin rights on the target machine, it allowed them to install the ransomware locally without detection, which is certainly bad enough on its own. Unfortunately, there’s a complication you should be aware of. If you used iTunes or iCloud for Windows in the past and uninstalled the software, the Bonjour component almost certainly remained behind, rendering your system vulnerable to the attack even if you’re not currently using either application.
Your system administrator will need to manually search for and delete the Bonjour component. If you are using either, then simply updating to the latest version will also update Bonjour, rendering your system protected.
It’s interesting that BitPaymer is being used in this way because typically, that particular strain of ransomware is used in “Big Game Hunting” attacks that target large organizations and seek to infect as many machines as possible, demanding a huge ransom.
This particular attack is designed to impact a single machine, so it could be a sign that BitPaymer’s owners are shifting gears, but it’s too soon to say that with any authority.
