Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.


macrumors bot
Original poster
Apr 12, 2001


This weekend, a notice appeared on warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:
Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

Using "Activity Monitor" preinstalled in OS X, check whether any process named "kernel_service" is running. If so, double check the process, choose the "Open Files and Ports" and check whether there is a file name like "/Users//Library/kernel_service". If so, the process is KeRanger's main process. We suggest terminating it with "Quit -> Force Quit"
Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.

According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."

The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.

Update: Technical details about the malware.

Update 2: says version 2.92 of Transmission will actively remove the malware.

Article Link: First Mac Ransomware Found in Transmission BitTorrent Client


Jan 18, 2005
That's worrying. You're encouraged to constantly keep your applications and OS updated, but recently that's becoming troublesome. First with Apple's silent security update disabling wired networks and now this! Worrying year for security this.


macrumors 68020
Oct 22, 2014
known but velocity indeterminate
Backups people, backups! Too often no one cares about backups until they are struck with something like this. There was an article, I think on NPR, a while back that chronicled the hoops people have to jump through in order to get rid of ransomware when they haven't practiced good backup strategy. There's a clock running and for someone who has never dealt with bitcoin before it can be challenging even if you want to pay the ransom.

Edit to add: here was the article I was thinking of, it was on RadioLab:
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.