Why don't you use qbittorrent? It's open-sourced, lightweight, no ads, and keeps updated every few weeks!

Transmission is open source, free and lightweight also. The distinguishing quality is that it is a fully native Cocoa application with a Mac-like (and IMO very nice) user interface. Most other BitTorrent clients are either ports or require a separate software platform like Java. qBittorrent is made with Qt (which has a bit of overhead) and is thrice the size of Transmission. Upon installing, it also requires administrative access so that it can ‘always run’; Transmission does not require such access.
 
Is it only a problem if you make use of dodgy torrent sites?

Is there any risk to people that don't go to dodgy sites or download stupid stuff?

Any risk through any safari/web type attack?

It has nothing to do with visiting torrent sites. What apparently happened is the Transmission app's web site was compromised, allowing someone to substitute an infected version of the app. So you will only have this problem if you downloaded Transmission 2.90 directly from the developer's site during the small time window it was available.

If you did not do that, you are not exposed.
 
It may be premature to be asking for a complete response.

That said, why advertise how it was done? Who does that help except potential criminals?


Nothing at all, it seems. Even on their forums the responses are very brief and link to Palo Alto or the updated version. This is a major security issue for which they are fully responsible. If it came from their servers, they are to blame. It is as simple as that. They ought to have come up with a press release explaining how this could have happened and at least a public apology. This could have serious repercussions for them.
 
(b) Install bit torrent clients (from a website no less) which have little or no legitimate use other than piracy

Paint is a favorite tool of vandals and overpass Romeos, but that doesn't mean nobody uses it for good.

If you can't imagine a legitimate use for Transmission, this says much more about your own experiences than the software itself. I use Transmission almost daily, and I don't pirate software. Let's not give Apple an excuse to further cripple OS X by disallowing third-party apps from accessing the network stack or file system APIs (you wouldn't have much useful software left, believe me).
 
Could you explain why someone using OSX would need to worry about downloading Linux? If I were to be interested in using Linux I would grab a PC and stick it on to that. Linux is a great project and long may it live, but why would you put an open source project on your Mac if you were remotely worried about security?

This could be a very lengthy conversation.

Linux is an Operating system. Not just an application. It offers many robust features that are part of an extremely large open source community. Many Distributions of this Operating system are extremely secure, stable, and can offer extremely good performance. All for free. It is a fork of Un*x, similar to OSx (based off of BSD). But unlike OSx, Linux has remained true to the open source community.

Linux offers many compelling different window managers. This is the "display" layer. Apple essentially locks you into their own GUI (similarly, so does Windows). Linux offers the ability to customize and change this to a multitude of different and highly customizable UIs. From Gnome to KDE to even older XFCE. There are hundreds of different UIs.

Being completely open source, the Linux community at large constantly updates it, preventing malicious code, bad code, and stagnation of features. Anyone who knows how to program is free to develop and submit by signing up for any of the different Linux projects. This tends to mean that features come faster. Updates are done quicker, and are done more transparently than in the closed source world. Bug fixes and security enhancements can be almost instantaneous since there's little need to wait for the primary source (Apple or Microsoft) to distribute their own updates.

Hardware requirements are extremely low. Some Linux variants can run on as much as 15-20 year old hardware. Got an older Mac that is struggling to run El Capitan or Yosemite? You will likely still be perfectly fine running some form of Linux. Because of the open source nature and distribution model, you will likely easily find a workaround / support for older out-of-date hardware that Apple has long abandoned. Some older Macs for example stopped receiving updates around Lion when Apple made a hard rule decision not to support older EUFI's in newer OSx. They would have stopped receiving security updates and patches shortly after. However, those users can still run a perfectly fine, up to date, and secured Linux.

Security measures can be better in Linux (though arguably harder). Linux is typically faster due to the open source nature to respond to security issues. It can also be locked down for internet facing servers more robustly.

Like earlier mentioned with its older hardware support, it's capable of running on just about any hardware configuration. From Macs, to PCs, to thin clients or embedded. If it's got a CPU, some form of Linux has likely been ported to it.

Linux out of the box supports multiple programming languages, including built-in compilers, and is a very proficient development platform.

Did I mention this is all available for free?

While no concrete numbers are likely to be found, Linux is probably the biggest backbone OS of the entire internet. Aside from Windows back ends, most of everything else on the net is likely running off a un*x or Linux box, or Windows.

You may never NEED to download Linux, but many many people do. And at the end of the day, a Mac is just another Personal Computer. If you have a spare Mac laying around and want to install Linux, why not.
 
Unbelievable luck. I downloaded Transmission early on Saturday to fetch several Linux ISOs. I ended up with the infected version and only discovered after seeing this post (Gatekeeper was not updated at the time I downloaded and launched). kernel_service was running under my logged-in user ID.

The bizarre thing is that I hardly ever use BT - it wasn't on this laptop that I bought about a year ago - and just did on a whim because the HTTP fetches were looking a little slower than I wanted.

I'm very skeptical about downloading new apps and trusted this based upon reputation (Transmission has been around for years). The disturbing thing is how this exploit found its way in without the developer's knowledge. I have several tools (both commercial and open-source) that aren't available through the App Store because their functionality doesn't fit the sandbox.

There's no real solution to these other than to run all untrusted apps on a sacrificial machine (or virtual machine).
You're OK because the thing sleeps for three days before it activates?
 
It may be premature to be asking for a complete response.

That said, why advertise how it was done? Who does that help except potential criminals?

I have not asked for a complete response, but just any response. Maybe it was a rogue developer or they really had a security issue on their servers. People want to, and deserve to, know how this happened and whether the developer can be trusted in the future. The only reason why this is not an even bigger issue right now is because it was caught and brought to the attention by third parties. Imagine what would have happened if nobody noticed in time or the encryption kicked in sooner. You have to take responsibility for the code you distribute and it would be at least decent and professional to give some explanations and apologise. It only hurts the credibility of open-source projects when nobody has the courage to speak and accept responsibility.

I also do not understand what you mean with ‘advertise’. The only way that this could have happened is via a security breach on their end, whatever the nature. I seriously hope that they fixed that right away also.
 
Let's never lock anything, because keys might be stolen and used by criminals!
This is of course nonsense. But what Apple could do is give the user an easy way to verify the name of the developer who signed the app (and of course take steps to prevent developers from signing up under a fake name). In Windows you can see this information by looking at the certificate details of signed executables.
 
It has nothing to do with visiting torrent sites. What apparently happened is the Transmission app's web site was compromised, allowing someone to substitute an infected version of the app. So you will only have this problem if you downloaded Transmission 2.90 directly from the developer's site during the small time window it was available.

If you did not do that, you are not exposed.

I have no idea what Transmission is. Though it does not affect the question of how safe are other sites, apps, etc.?
 
I have no idea what Transmission is. Though it does not affect the question of how safe are other sites, apps, etc.?
Transmission is the BitTorrent application that was compromised in this case. So if you downloaded and installed the infected version 2.90 of the Transmission application and ran the app, you would have been infected with this malware.

As far as other sites, if your OS is fully updated, you are not going to get infected by simply visiting a web site. You would need to download and install an application from a web site to get infected. I have not seen any reports of other apps infected with this malware, but it is certainly possible.

Apple has pushed out an update to the OS X built-in malware protection to prevent this particular malware from running.
 
I actually feel pretty good about this. I mean, it's really troubling that this happened, but the fact the response was so quick once it was discovered is reassuring. Apple reacted quickly, Transmission developers reacted quickly. And more so, the developers of the compromised app built a removal tool into their update! How often does that happen on Windows apps? If a Windows app spreads malware, usually the update just doesn't have the malware, but they leave it up to you and your anti-virus to fix the earlier screw-up. This time, the developer took it upon themselves to right the earlier wrong. This leaves me feeling optimistic.
 
I hadn't used Transmission in many years but found it on my HD. I went ahead and deleted it. I assume it was an even older version of the app than the infected one.
 
In the time it takes them to revoke it, these guys can be on to the next one. And at $400 to unlock each infected machine, they can make up that $99 real quick (and that's if they don't use fake credit cards to obtain the signature in the first place).

It's far from being a totally safe way to go. We saw this malware get installed with valid code signing, what makes you think that others can't be too?

Yes, certificates can be re-obtained, however presumably Apple can black-list credit cards used to pay for them.

It's not totally safe, sure - but it's a lot safer than "run any unsigned code from anywhere".
 
Couldn't you just restore from an earlier Time Machine backup to work around the encryption lock?

If the Time Machine disk image is mounted (say, during an active backup) there's a good chance the encryption lock would have access to encrypt the mounted backup as well.
 
Anyone gotten bitten yet?

My one infected Mac, which I sanitized to the best of my ability yesterday, seems to be running just fine, and nothing weird happening that I can tell as of now. That said, I know I'm going to be looking over my shoulder for a little while thanks to this. I'm thinking I'll reinstall the OS this evening, just to patch up any weirdnesses I might have missed. The worst thing about this is the paranoia that ensues.

What I don't really get is WHY program the thing to wait three days? Why not just make hay while the sun shines, as it were? What benefit is there to waiting three days before executing?
 
I would be really curious to see if anyone ends up actually infected by this. For now it would appear it was caught quickly enough to prevent any real-world damage.
 
Because utorrent is now a bloated turd, and its devs have gotten real greedy. Transmission is miles ahead, and anybody who's *actually* savvy with computers will stay away from all recent versions of utorrent.

I'm not familiar with recent versions of the "PC version", but I'll take your word for it, I guess...
I personally can't imagine an app so teeny, with such a teeny job becoming "bloated", but again- I guess I have been stuck in a Mac centric world for a bit...
Maybe your PC bit torrent clients have video players & currency calculators and whatnots that I was formerly unaware of.
 
If the Time Machine disk image is mounted (say, during an active backup) there's a good chance the encryption lock would have access to encrypt the mounted backup as well.
I doubt that. Unless you enter your password.
 
I doubt that. Unless you enter your password.
If you have Time Machine encryption turned on, the password is saved in Keychain and the drive/image automatically mounts when TM runs. You do not need to enter a password.

So theoretically, like sadness said, the rogue app would have access to TM files during backup with no password entry required.
 
To be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!

You are obviously ignorant towards the legal uses of BitTorrent.
  • Game Updates & Downloads
  • NASA
  • Linux Distributions
America's Army first-person-shooter used to be distributed using BitTorrent before it was moved to Steam. Blizzard Entertainment uses it for WoW, Starcraft II, and Diablo III.

I suggest you read the following for more examples or do your own research before having zero sympathy for those people who were infected who were using BitTorrent for legal purposes.

http://www.makeuseof.com/tag/8-legal-uses-for-bittorrent-youd-be-surprised/
 