I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.

I don't see what the "type of app" has to do with anything.

According to the article, the app developer had their server compromised in such a way that the download for the legitimate app was replaced with one recompiled to include malware. Presumably this could happen to any company or any type of app. Similar things have happened to many other companies, small and large, for many types of applications, including Apple's App Store:

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/
 
Lame on the dev team's part. Transmission is a great client, but I uninstalled it when the first malware issue occurred. If developers can't secure their distribution workflow I have no interest in their software.

They said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.

How did that happen exactly?
 
I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.

Oh boy, oh boy..

You, unfortunately, did not understand the quintessential problem here:

If this could happen with something that you fearfully refer to as "these types of apps", it could literally happen with ANY app you download to your Mac.

As all of Apple's thoughtful countermeasures (something I will refer to as "snake oil") are seemingly absolutely useless, even digital certificates. MacOS X, OS X, macOS or whatever they call it at the moment is simply lacking most security measures of a modern operating system.

And all Apple could come up with recently is an AppStore...
 
I don't see what the "type of app" has to do with anything.

According to the article, the app developer had their server compromised in such a way that the download for the legitimate app was replaced with one recompiled to include malware. Presumably this could happen to any company or any type of app. Similar things have happened to many other companies, small and large, for many types of applications, including Apple's App Store:

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/

Oh boy, oh boy..

You, unfortunately, did not understand the quintessential problem here:

If this could happen with something that you fearfully refer to as "these types of apps", it could literally happen with ANY app you download to your Mac.

As all of Apple's thoughtful countermeasures (something I will refer to as "snake oil") are seemingly absolutely useless, even digital certificates. MacOS X, OS X, macOS or whatever they call it at the moment is simply lacking most security measures of a modern operating system.

And all Apple could come up with recently is an AppStore...

Ahhh, yes, I did misread the story. My apologies and thanks for correcting me. :)
 
Transmission is great, but it's one of those applications that constantly want to be updated for no reason. I've left mine at the same version for years, avoiding this repeated risk. Their webserver admins are apparently total n00bs.
uTorrent FTW...
If you aren't saying this jokingly, I'd like to point out that every version of uTorrent is sketchy because of ads and secretly running in the background, and one of the latest versions used your computer TO MINE BITCOINS. Worse, it wasn't because someone distributed an illegit binary. The dev team put that in there intentionally.
 
How so? I manage to find all sorts of interesting things to keep me entertained, informed and educated on the Internet without the use of these style apps.
I know you're thinking of piracy, but some legitimate things also use it. I have to use bit torrents to download Linux distributions. But I feel like the protocol was designed with piracy in mind since it's so perfect at letting people get away with it, so I wish all the legitimate stuff used a different distribution method.
I use Bit Rocket.

There's tons of bit torrent clients around - I find it odd that everyone congregates around a single one... or ever update it? They're single purpose tools - plug in the torrent you want to download and it downloads.

I find it odd that web browsers don't just support the protocol directly.
Yes, I don't understand why these clients want to update more frequently than any web browser. I don't know why others only look at popular clients, but this is why I do: Because these programs often target pirates, they tend to be sketchy*, so people prefer to use something really well-known. That way, even if stuff like this happens, it's discovered quickly.

* If you've ever seen µTorrent or any piracy website, all the ads are for prostitutes, MacKeeper, or other questionable things.
 
Oh boy, oh boy..

You, unfortunately, did not understand the quintessential problem here:

And all Apple could come up with recently is an AppStore...

You don't understand OS security. Except for the built-in known to be shoddy Windows antivirus, there's nothing that would have stopped this on Windows. It still lets you execute arbitrary code.

Both Windows and MacOS have sandboxing that would have stopped this. But without the App Store, there's no enforced sandboxing. The malicious app you download says "don't sandbox me" and the OS doesn't. If the app WAS downloaded from the App Store, then mandatory sandboxing that Apple applies would have protected the system.
 
Lame on the dev team's part. Transmission is a great client, but I uninstalled it when the first malware issue occurred. If developers can't secure their distribution workflow I have no interest in their software.

To be frank, I was really annoyed by the developer’s conduct when KeRanger was discovered. To my knowledge, they never bothered with publishing a press release and just posted a link to another third-party website, and they never followed up with a report or the like that explained how it could happen in the first place and what they would do to prevent this in the future. That made me suspicious of them, and now we see that their downloads server has been compromised again. I am inclined to remove the software from my Mac now, because clearly something is going very wrong there.

How did that happen exactly?

Developer certificates can be stolen, fake accounts can be created with stolen financial data. As long as you pay, you will be able to become a member of Apple Developer and obtain a certificate. It is possible for Apple to revoke it and contain the malware, in addition to updating XProtect, although this happens not as quickly, but there will always be some early victims that Gatekeeper will not be able to prevent.
 
I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.

Uh, "these types of apps?" A hack like this could happen to any app. It has nothing to do with the fact that it's a torrent client.
 
How so? I manage to find all sorts of interesting things to keep me entertained, informed and educated on the Internet without the use of these style apps.

Are you saying that because you have to as a staff member of MacRumors or do you actually believe that?
 
Are you saying that because you have to as a staff member of MacRumors or do you actually believe that?
Believe what? That I can find interesting things on the Internet without using torrents?

The only time I speak for MacRumors is when I preface a post with the words "mod note" or something to that effect. Otherwise all posts are on behalf of me.
 
Great, more ammunition for Apple making it difficult to run apps obtained from somewhere other than the App store in Sierra. They keep saying they want to leave their platform to developers, but only if they're getting a cut.
 
I haven't used torrents in a while... I think the last times were even for (ahem) proper use, like downloading an Ubuntu ISO or something.
 
Well, this gives me pause about updating my copy of Transmission. I dodged the last infection and now this one. That said, I doubt I'll abandon the app, it works so much better than others I've tried. I'll just avoid updating, till they get things sorted out and stop being a target for these infections.
 
How did that happen exactly?

Gatekeeper doesn't prevent malicious software. It only allows Apple to turn off signing for software that is later identified as malicious. As long as you pay the yearly fee, they'll allow you to sign your software. With a product like Transmission, it could be installed hundreds of thousands of times before Apple becomes aware of an issue and kills the certificate.
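
An added example, not part of any post in this thread: since a bundle re-signed with a different Apple-issued Developer ID still carries a valid signature, a download check has to pin who signed it, not just whether it is signed. The sketch below parses `codesign -dvv` style output and compares the signer with a pinned Team ID and bundle identifier; the sample output, names and Team IDs are constructed placeholders.

```python
import re

# Constructed `codesign -dvv` output (trimmed). Names and Team IDs are
# placeholders, not real developer identities.
PINNED_BUILD = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=org.example.app
Authority=Developer ID Application: Example Project (AAAAAAAAAA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AAAAAAAAAA
"""
# Same bundle re-signed with a different, still Apple-issued, Developer ID.
RESIGNED_BUILD = PINNED_BUILD.replace("Example Project", "Other Signer").replace(
    "AAAAAAAAAA", "BBBBBBBBBB")
# Ad-hoc or unsigned code has no Authority lines at all.
ADHOC_BUILD = "Identifier=org.example.app\nTeamIdentifier=not set\n"


def parse_codesign(text):
    """Collect key=value lines; Authority repeats, so keep it as a list."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Authority":
            info["Authority"].append(value)
        else:
            info[key] = value
    return info


def signer_problems(text, pinned_team, pinned_identifier):
    """Return the reasons the signer differs from the pinned publisher."""
    info = parse_codesign(text)
    problems = []
    if info.get("Identifier") != pinned_identifier:
        problems.append("bundle identifier mismatch")
    if info.get("TeamIdentifier") != pinned_team:
        problems.append("TeamIdentifier mismatch")
    # The first Authority line is the leaf (signing) certificate.
    leaf = info["Authority"][0] if info["Authority"] else ""
    match = re.search(r"\(([A-Z0-9]{10})\)$", leaf)
    if (not leaf.startswith("Developer ID Application:") or not match
            or match.group(1) != pinned_team):
        problems.append("leaf certificate is not the pinned Developer ID")
    return problems
```

On a Mac the input would be the captured output of `codesign -dvv <App>.app 2>&1`, checked after `codesign --verify` succeeds. The pinned values need to come from somewhere other than the download server being checked.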
 
I used to use Transmission. Switched over this week to the desktop version of WebTorrent. It is blazingly fast and super simple to use. Best of all, you can start to watch your video file as a stream while downloading, and it does it without any stuttering.
 