This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads: Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac. According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs." The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time. Update: Technical details about the malware. Update 2: Transmissionbt.com says version 2.92 of Transmission will actively remove the malware. Article Link: First Mac Ransomware Found in Transmission BitTorrent Client
Apparently it only affects users who downloaded it off of the website and not those who used the in app update.
That's worrying. You're encouraged to constantly keep your applications and OS updated, but recently that's becoming troublesome. First with Apple's silent security update disabling wired networks and now this! Worrying year for security this.
Thats good news for me as I always update though the app. Still went to check and no such process was running.
just started the app, I saw the warning and updated it. Shame on the developer here (since the infected app was downloaded from their website).
The Transmission forum posts and some Reddit posts all seem to point that direction. I updated to 2.90 in the app with Sparkle and was not infected.
Yup. It appears that if you updated within the app (i.e. with Sparkle) you're fine. It's only the direct downloads that were infected. Nevertheless, Transmission and its Library folders have made a quick trip to my Trash.
Cant really blame Apple for data loss if you (a) Don't make regular backups (b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
Backups people, backups! Too often no one cares about backups until they are struck with something like this. There was an article, I think on NPR, a while back that chronicled the hoops people have to jump through in order to get rid of ransomware when they haven't practiced good backup strategy. There's a clock running and for someone who has never dealt with bitcoin before it can be challenging even if you want to pay the ransom. Edit to add: here was the article I was thinking of, it was on RadioLab: http://www.radiolab.org/story/darkode/
Looks like Apple has updated XProtect for this KeRanger malware already. This is from my xprotect.plist file.
Here's a detailed write-up on how the software works. http://researchcenter.paloaltonetwo...ted-transmission-bittorrent-client-installer/