Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
First Mac Ransomware Found in Transmission BitTorrent Client
- Thread starter MacRumors
- Start date
- Sort by reaction score
People also use BitTorrent to download things like Linux distributions.
It's not really fair to compare a standard OS X setup with anything hardened.
Here are some links relating to hardening of OS X (albeit a bit old, did a quick search to find them):
https://techwiki.uwm.edu/display/SecOfficeStandGuide/Mac+Hardening+Guidelines
https://isc.sans.edu/forums/diary/The+Ultimate+OS+X+Hardening+Guide+Collection/12616/
Educate yourself, understand the risks of doing different things on the net. Check the guides posted above and apply what you think is relevant.
Always have an offline weekly or monthly backup, plus TimeMachine of course. There is always a chance you will be hit by something. Prepare for that in advance. Practice safe sex.
Or condemning roads because robbers use them to flee. Or condemning Privacy because some people commit crime and don't tell others about it.
Last edited:
I disagree. The optics of "the first Mac ransomware" has made this all about Apple and quite possibly may be something that affects the reputation of the Mac brand for quite awhile.
Regardless, my response was simply saying "that's not likely" to the question "what if the 'fixed' version of Transmission was hacked like the 'bad' version?"
You do realise many linux distributions, and lots of open source software provide the bittorrent option, and encourage it, in order to take significant load off their servers (i.e. save on hosting costs).
Its's also true that through the update you might get important security fixes, so waiting might end up being counterproductive.
Probably not. I do all the time. Just grabbed linuxcnc (via the mac) two nights ago to install natively on another pc. Also grabbed solus and void linux, in order to see what direction some newer distros are taking. Gotta keep an Apple exit plan handy just incase!
The encryption works if someone from outside try to decode your drive. But if your user run a server to serve all your HD, even if this one is encrypted, the virus / mal ware uses your user who is allowed to decrypt files to read an re encrypt them... So encrypting stuff will not help in this case. The best thing to do is avoid clicking on weird stuff and in that case, wait few weeks before doing updates...
It confirm Transmission v2.92 kill kernel_service Process and other files.
https://trac.transmissionbt.com/changeset/14712
I've been using transmission since July 1/14. No issues?? Does Malwarebytes work on this? Just looked, and I'm using version 2.84(14306).
I recommend your do. I changed my mom to Mint from WinXP a few years ago, and I follow it's development and play around with in in virtual machines quite often. Windows 8.1 is the last Windows version I'm going to run. Trying to decide if I want to go full OSX (already have a MacBook for laptop), or go to Mint for my next desktop OS. The main thing that keeps me from wanting to go to OSX is I like being able to build my own PCs.
[doublepost=1457338625][/doublepost]
There's a free version of Avira antivius for Mac.
I'd say that thing to remember most is pay attention when you're online. People go to the wrong places, or run the wrong app and catch this stuff.
The disabling of ethernet is the first ever mistake with XProtect and certainly easy to fix. WiFi or phone tethering and you're back in business.
The ransomware issue with Transmission highlights the importance of sandboxing, the Mac App Store, and developer certificates. If Transmissions was in the Mac AppStore and sandbox'd it wouldn't be able to encrypt anything but its own data making it a rather boring bit of ransomware.
I'm pretty sure there is for installers - when you go to install an app, there should be a lock icon up near the top of the window. Clicking on that shows the certificate.
Granted that won't work for apps that you copy from a DMG rather than _installing_ it, which I believe is how Transmission works.
I really think you need to read my post again.
I love the irony of this one. The majority of people who use Torrent on a Mac do so in order to steal data, now they are risking all stolen data being encrypted beyond repair. Format your drives boys and go and fill your boots with more data that you were too mean to pay for, I am sure your savings are worth the costs.
I am sure there are a few legitimate reasons to use file sharing tools on a Mac, as a videographer and coder I just can't think of any right now.
I am sure there are a few legitimate reasons to use file sharing tools on a Mac, as a videographer and coder I just can't think of any right now.
Last edited:
Do we now agree with Apple wanting everything sand boxed on the mac app store?
Now that this vulnerability is public you can bet that every hacker will be looking to break into servers and inject code somehow into software that people download on the mac.
There are lots of apps that contain open source components, what if those components have bad code added in as well?
I'm not sure why an app like Transmission needs root access or access beyond it's own set of files and a download area. It could operate fine being sand boxed. That would be the best protection. That's why you never hear about anything like that happening on iOS, it just cant.
Now that this vulnerability is public you can bet that every hacker will be looking to break into servers and inject code somehow into software that people download on the mac.
There are lots of apps that contain open source components, what if those components have bad code added in as well?
I'm not sure why an app like Transmission needs root access or access beyond it's own set of files and a download area. It could operate fine being sand boxed. That would be the best protection. That's why you never hear about anything like that happening on iOS, it just cant.
I thought Apple had gotten rid of most GNU stuff.
Give it go it can be fun.
===
I didn't know that the MAS didn't have torrent clients. Iwas going to ask why people weren't downloading from the MAS since it's in essence simply a SW repo. I know the MAS has issues that it shouldn't but repos are pretty much always better than various websites. Good luck to those infected but please don't pay it just leads to more of this.
Apple has become so huge and popular, it was a matter of time before it became a target.
Previously the notion of someone buying a mac, involved $$$$$, while a windows machine was dirt cheap. These days you can pick up a mac for very little, and to be fair a lot of the mac community still believe they are completely safe just by owning a mac.... times change.
interesting times ahead, the one year release cycle on os x is not helping things, I wish we could go back to 2 years.
[doublepost=1457347696][/doublepost]
Nope. Ill keep OS X as is, and take my chances. For me the iPad pro, was nothing more than a large iPad, and I chose the new Macbook over it.
Previously the notion of someone buying a mac, involved $$$$$, while a windows machine was dirt cheap. These days you can pick up a mac for very little, and to be fair a lot of the mac community still believe they are completely safe just by owning a mac.... times change.
interesting times ahead, the one year release cycle on os x is not helping things, I wish we could go back to 2 years.
[doublepost=1457347696][/doublepost]
Nope. Ill keep OS X as is, and take my chances. For me the iPad pro, was nothing more than a large iPad, and I chose the new Macbook over it.