BitTorrent Client Transmission Again Victimized by OS X Malware

Discussion in 'Mac Blog Discussion' started by MacRumors, Aug 30, 2016.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

    Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

    OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.

    The researchers said they notified the Transmission team about the malware, and within minutes they removed the malicious file from their web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend anyone who downloaded version 2.92 of the app between those dates to verify if their system is compromised by checking for the presence of any of the following files or directories:
    /Applications/Transmission.app/Contents/Resources/License.rtf
    /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
    $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
    $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
    $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
    /Library/Application Support/com.apple.iCloud.sync.daemon/
    $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
    Transmission version 2.92 remains available through the software's update mechanism.

    Article Link: BitTorrent Client Transmission Again Victimized by OS X Malware
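
The file check recommended in the article above can be scripted. This is an added example, not part of the original post or the researchers' tooling; the function name `keydnap_scan` and its two arguments are assumptions made here so the same check also works on a mounted backup or another user's home directory.

```sh
#!/bin/sh
# Added example (not from the article): look for the OSX/Keydnap indicator
# paths listed above.
#
# keydnap_scan ROOT HOME_DIR   (function name and arguments are assumptions)
#   ROOT      prefix for absolute paths: "" for the running system, or the
#             mount point of a backup or disk image under examination
#   HOME_DIR  the user home directory to check
# Prints every indicator that exists, one per line.
# Returns 0 when nothing was found, 1 when at least one indicator exists.
keydnap_scan() {
    root=$1
    home=$2
    found=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        case $p in
            '$HOME'/*)
                rel=${p#\$HOME/}          # strip the literal "$HOME/" prefix
                target="$home/$rel" ;;
            *)
                target="$root$p" ;;
        esac
        if [ -e "$target" ]; then
            printf '%s\n' "$target"
            found=1
        fi
    done <<'EOF'
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
    return "$found"
}

# Check the running system and the current user's home directory.
if keydnap_scan "" "$HOME"; then
    echo "No OSX/Keydnap indicators found"
else
    echo "Indicator(s) above exist: treat this system as compromised"
fi
```

On a multi-user Mac, run it once per home directory, since four of the seven paths are per-user.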
     
  2. sualpine macrumors 6502

    sualpine

    Joined:
    May 13, 2013
    #3
    This wouldn't happen if torrent apps were allowed in the App Store.
     
  3. Jessica Lares macrumors G3

    Jessica Lares

    Joined:
    Oct 31, 2009
    Location:
    Near Dallas, Texas, USA
    #4
    Oh wow, so close. Last time I opened Transmission was on the 18th to download some Humble Bundle stuff.
     
  4. Scellow macrumors member

    Joined:
    May 6, 2013
    #5
    utorrent is worse
     
  5. Picka macrumors member

    Joined:
    Oct 9, 2011
    #6
    Said no one. Ever.
     
  6. SandboxGeneral, Aug 30, 2016
    Last edited: Aug 30, 2016

    SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #7
    I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.

    Clearly, I misread the story. :oops:
     
  7. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #8
    uTorrent is just as bad, with bundled 'change homepage settings' and the like. Transmission at least don't intentionally do this sort of thing, though boy they need to sort something out.
     
  8. iamnotme macrumors regular

    iamnotme

    Joined:
    Jan 24, 2015
    Location:
    SW Ontario, Canada
    #9
    It's gross that people turn around and use the open source model to their benefit while hurting others. I love being human
     
  9. lunarworks macrumors 65816

    Joined:
    Jun 17, 2003
    Location:
    Toronto, Canada
  10. saudor macrumors 6502a

    Joined:
    Jul 18, 2011
    #11
    I use the torrented version of an old version of utorrent (1.8) before the ads came in.. seems to work fine
     
  11. keysofanxiety macrumors 604

    keysofanxiety

    Joined:
    Nov 23, 2011
    #12
    Sources say that the armoured gerbil protecting the server room was distracted by a morsel of cheese.
     
  12. joshen macrumors regular

    joshen

    Joined:
    May 27, 2015
    #13
    "Last month ESET researchers wrote an article about a new OS X malware called OSX/Keydnap, built to steal the content of OS X’s keychain and maintain a permanent backdoor."

    oh boy
     
  13. GeneralChang macrumors 65816

    Joined:
    Dec 2, 2013
    #14
    I had that brief moment of panic until I realized it was on installations that were distributed during that time window. So that's me out. I may never update that app again, however...
     
  14. ArtOfWarfare macrumors G3

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #15
    I use Bit Rocket.

    There's tons of bit torrent clients around - I find it odd that everyone congregates around a single one... or ever update it? They're single purpose tools - plug in the torrent you want to download and it downloads.

    I find it odd that web browsers don't just support the protocol directly.
     
  15. Szarky macrumors 6502a

    Joined:
    Jul 29, 2010
    #16
    What a boring internet that would be.
     
  16. SandboxGeneral Moderator emeritus

    SandboxGeneral

    Joined:
    Sep 8, 2010
    Location:
    Detroit
    #17
    How so? I manage to find all sorts of interesting things to keep me entertained, informed and educated on the Internet without the use of these style apps.
     
  17. MiukuMac macrumors newbie

    MiukuMac

    Joined:
    Sep 28, 2015
    Location:
    Finland, European Union
    #18
    This wouldn't happen if the developers weren't horribly incompetent amateurs.
     
  18. RGPphotog macrumors member

    RGPphotog

    Joined:
    Oct 3, 2012
    Location:
    Orlando FL
    #19

    Sure makes you wonder who's behind these. #ConspiracyTheory.meme
     
  19. Undecided macrumors 6502a

    Joined:
    Mar 4, 2005
    Location:
    California
    #20
    That's so cheesy.
     
  20. a0me macrumors 65816

    a0me

    Joined:
    Oct 5, 2006
    Location:
    Tokyo, Japan
    #21
    You can as easily get malware using any Internet browser, and yet most people posting on these forums seem to be using one.
    Unless if by "these types of apps" you mean "apps that can be used to commit copyright infringement," in which case you'll need to stop using your Internet browser, your camera app, and more generally any kind of operating system.
     
  21. needfx macrumors 68040

    needfx

    Joined:
    Aug 10, 2010
    Location:
    macrumors apparently
  22. LERsince1991 macrumors 65816

    Joined:
    Jul 24, 2008
    Location:
    UK
    #23
    Can someone please clarify what is and isn't safe.

    For example if transmission automatically updated within this period is it compromised. Or does the download have to be direct from the website using browser?
     
  23. Makosuke macrumors 603

    Joined:
    Aug 15, 2001
    Location:
    The Cool Part of CA, USA
    #24
    Transmission is an extremely polished client, so it's rather disappointing that they've managed to get their official builds, distributed from their own website, built with malware twice now. That does not speak well, at all, to how they maintain either their servers or their dev team.

    An aside to those ragging on BitTorrent:

    First, there are surprisingly enough some legit things that are now distributed primarily or exclusively through BT. I needed to get Transmission running to download ATI's tech demo package recently.

    And second, while it's obviously heavily abused to pirate content, there is also a huge grey area of technically-not-okay things that don't really fall into the standard bin of piracy. Example: J-dramas. While this has been improving (mostly Crunchyroll and, for K-dramas, Hulu) there are still many, particularly older ones, that have never been licensed or officially released outside Japan, so while there's always the "market poisoning" question if somebody does consider licensing in the future, there's currently no legitimate way to view them if you live in the US, and since there is no official distributor in this country there's also nobody defending the copyrights. Conversely, it's quite likely that if there was no underground scene of fansubbing and distributing J-dramas illegally, there would be almost none of the interest that makes a legit service like Crunchyroll possible.
     
  24. needfx macrumors 68040

    needfx

    Joined:
    Aug 10, 2010
    Location:
    macrumors apparently
    #25
    that was actually funny
     
