Mildly ironic that Apple has dropped iTunes from the MacOS platform. Update now…:
The ransomware operators targeted an “unquoted path” vulnerability in iTunes for Windows to evade detection and install BitPaymer.
BitPaymer operators are sophisticated and savvy in launching attacks. A month before they discovered the iTunes zero-day, Morphisec researchers saw the group creating new variants of the ransomware before planting it on a target network, making detection much more difficult. This group carefully chooses its victims and sits on the network for a while before it strikes.
Now the same attackers are taking advantage of an “unquoted path” vulnerability in the Bonjour updater that comes bundled with iTunes for Windows. This is a well-known flaw that has been identified by vendors for more than 15 years but is rarely seen in active attacks.