I suspect it would simply encrypt the enrypted file(s) over again.
Ah. I didn't think of that.
I suspect it would simply encrypt the enrypted file(s) over again.
From what it looks like, the malware encrypts the individual files, so it could still work on an encrypted disk.
I was under the impression that Macs are immune from virus/malware/ransomware. Or am I just being naive?![]()
For the sake of simplicity, I believe you have to install the Transmission app to have this infection happen, if one has never run the installer you would be in the clear.
![]()
This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.
According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."
The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.
Article Link: First Mac Ransomware Found in Transmission BitTorrent Client
![]()
This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.
According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."
The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.
Update: Technical details about the malware.
Update 2: Transmissionbt.com says version 2.92 of Transmission will actively remove the malware.
Article Link: First Mac Ransomware Found in Transmission BitTorrent Client
$400Anyone know how much they're asking for the unlock? Clever bastards.
$400
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
it was 1 example...and yes I do and run it in parallels....Do a lot of people with Macs download Linux?
How do we know 2.91 or 2.92 aren't just the same folks that uploaded the bad version, using the publicity and fact that everyone is going to update to get more people to install a further infected build?
Use the fear of even those not infected to get even more to install further infected builds. It'd be a brilliant move.
Are we sure this is not an act by the DOJ or its lackeys (ex. FBI) paying Apple a sample of things to come?
After all the download is from the app's legitimate site - you just have to force/bribe one person inside!
This is meant as a talking point - hope it is not anywhere close to reality!
Wonder how many different, valid Apple developer certificates these folks have?
Apple already revoked the one that they used to sign the first 'bad version'.
I'm guessing the whole Transmission update process will be under Apple's microscope for a bit. I'd be very surprised if anything bad gets up there and doesn't get quickly noticed and then revoked again.
Does this only affect those who downloaded TransmissionBT since March 4th of version 2.9.1 only? I remember I downloaded 2.9.0 on February 28th... I take it that version/copy is safe?
Why does everyone here even have BitTorrent ? I thought it was just used to illegally download media ?
Damn there are many people here who can't read the OP.
No, if you dont use the software you are not affected. You don't die from car crashes that happens in the other end of the country.
I have kernel_task running on my Mac. Not kernel_service.No kernel_service is running on my Mac.
Epic malware fail.
Quite a small time frame to be infected, and 2.90 is out from a while...
Let's not try and deny that 99.5% of torrent use is for pornI see the heart you have here. But let's not try and deny that 99.5% of torrent use is transfer of illegal material.
Like a backup to external disk, not internal disk. I remember this is a recommended practice to keep backup separately stored elsewhere.While it remains unclear whether this particular malware encrypts backups, it's a risk with any ransomware. Some of the Windows ransomwares delete "shadow copies" which is a time machine-like feature. The only true backup is offline, offsite backup.