First Mac Ransomware Found in Transmission BitTorrent Client

[Partron22]

What I don't really get is WHY program the thing to wait three days? Why not just make hay while the sun shines, as it were? What benefit is there to waiting three days before executing?

You net more Macs that way. The malware writer has to ask himself how long he thinks it'll take for someone to notice the evil code and get Apple, or whomever, to come up with a fix. If he thinks his code is well hidden, he could have it wait a year before triggering and capture 30-40% of all Macs with his scheme. If he thinks it's not very well hidden code, 3 days will still get him enough compromised Macs to make a little cash. Immediate triggering would cause an immediate uproar, and the compromised software would just be pulled from everywhere - Very little profit in that.

Have a look at Stuxnet for a well designed, well hidden piece of malware.

 

[movieator]

That's worrying. You're encouraged to constantly keep your applications and OS updated, but recently that's becoming troublesome. First with Apple's silent security update disabling wired networks and now this! Worrying year for security this.

Well, said Gareth Marenghi.

 

[T'hain Esh Kelch]

I did. And if a car accident on the other side of the country is fatal, well people will be dead.

I suggest you read it a third time then.

 

[AppleInLVX]

You net more Macs that way. The malware writer has to ask himself how long he thinks it'll take for someone to notice the evil code and get Apple, or whomever, to come up with a fix. If he thinks his code is well hidden, he could have it wait a year before triggering and capture 30-40% of all Macs with his scheme. If he thinks it's not very well hidden code, 3 days will still get him enough compromised Macs to make a little cash. Immediate triggering would cause an immediate uproar, and the compromised software would just be pulled from everywhere - Very little profit in that.

Have a look at Stuxnet for a well designed, well hidden piece of malware.

That makes a lot of sense. Thank you for clarifying.

 

[Max(IT)]

To be fair, some of that porn is shared without the permission of copyright holders. I've heard about shall we say less-socially-acceptable porn companies essentially blackmailing porn pirates into very large settlements to avoid the embarrassment of a court date in which their particular fetish or sexual orientation will become part of the public record. They're worse than the RIAA claiming millions of dollars of lost revenue from a few songs.

You are right, but while I'm paying for every single song and movie I see, I'm not going to pay for porn

This is hilarious. The Apple defence people sure are quick to draw their guns in defence of Apple these days. Nobody is blaming Apple for this ransomware. It is important for users to be aware it is out there so they can take appropriate actions. But informing people it exists is not attacking your precious Apple. You can calm down a little bit.

Reading TheHorrorNerd's posting history is funny though. This is a guy who defended Apple on the Error 53 bricking. He attacks MacRumors for posting about the HoloLens because a non-Apple thread offends him so much he can't just ignore it. He even says people who had their phone bricked by the 1970 bug should take accountability because it's not Apple who bricked it.

Every post in his history is just pure blind defence of Apple no matter how wrong Apple is. All I can do is feel sorry for the guy.

We could say the same about every your post, in the opposite way...

 

[SeaFox]

I love the irony of this one. The majority of people who use Torrent on a Mac do so in order to steal data, now they are risking all stolen data being encrypted beyond repair.

1) Copyright infringement isn't stealing. By definition, stealing deprives the original owner of usage of the item.

2) Even if you do pirate doesn't mean all the stuff on your hard drive is stolen. This trojan is actually more likely to encrypt specific folders on the Mac's hard drive (like the Documents folder) so I would expect it's more likely to encrypt documents the user themselves created than anything they did obtain online.

I am sure there are a few legitimate reasons to use file sharing tools on a Mac, as a videographer and coder I just can't think of any right now.

Ever hear of Syncthing? Guess what protocol it's built off of.

 

[unplugme71]

I suggest you read it a third time then.

Maybe you need to re-read what you wrote.

 

[Gjwilly]

Maybe you need to re-read what you wrote.

Maybe you should just let it rest.
It's getting embarrassing.

 

[MoXoM]

I'm so glad I updated via the App.

My 8 year old iMac hasn't been infected but I still deleted the App to be on the safe side.

I guess I'll download the new version as and when I actually need to use it...

 

[aristobrat]

If users install a trojan from an insecure 3rd party website, that's not Apple's fault. There is literally nothing Apple can do to prevent that, short of locking down the OS so much that it's impossible to install software on Macs.

I don't disagree. I also never made the point that Apple had any fault in this.

Your comment was "This really has nothing at all to do with Apple". I disagree with that. The simple fact that Apple had to take action because of this (revoking a developers certificate (over a weekend)) shows that this incident has something to do with them.

 

[MH01]

You are right, but while I'm paying for every single song and movie I see, I'm not going to pay for porn

ha ha ha. Now that is an honest answer! Males of the world unite!

 

[vexorg]

Virus and malware are so dull nowadays, even that's become commercialised by demanding money in return. What happen to the good old viruses that made the words fall to the bottom of the screen as you type, or the breakout type game that had the ball delete characters out your document as they were hit.

I do like the mac one that makes the cursor into a beachball /inwheel for 5 minutes when some apps need to open, gives you time to go make a coffee.

 

[deputy_doofy]

Yes, certificates can be re-obtained, however presumably apple can black-list credit cards used to pay for them.

It's not totally safe, sure - but its a lot safer than "run any unsigned code from anywhere".

Strange. That's not my quote. lol

 

[AppleScruff1]

Let's not try and deny that 99.5% of torrent use is for porn

I thought it was mostly for pirating Windows and Office.

 

[Osty]

It's not really fair to compare a standard OS X setup with anything hardened.

I accept that. My point though had a twinge of irony given I was responding to a blanket statement someone made about Macs being more secure. My quip about a hardened Linux box aside, the UK government has concluded (several times now) the most secure of the user-focussed, popular desktop operating systems is Ubuntu. It beat Windows and OS X and Ubuntu isn't even optimised or hardened for security out of the box.

I thought Apple had gotten rid of most GNU stuff.

Yeah, a lot of it is gone. There was a stink in 2012 made by Charlie Miller because he was accusing Apple of making OS X more insecure because of how outdated their GNU stack was. That's their prerogative, I suppose, after all GNU-is-not-Unix.

In fairness, brew.sh does a pretty good job of giving OS X a much-needed package manager and it's stuff is quite up to date. I wonder how many OS X users know and use it though.

 

[AppleScruff1]

One thing I remember about my time with Linux was how helpful and friendly Linux users were. I got my feet wet on Notebook Review and a few users there really went the extra mile to help a noob like me solve some problems.

 

[bn-7bc]

Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy

Do i smell a RIAA troll (kidding) it only tooj me a secont to google but hete is a link http://www.techsupportalert.com/content/finding-legal-and-free-torrents.htm. quite an imressive list right? Ok mayby not the most komun usage of bittorrent but just an ilustration of legit bittorrent uses abart from linux ISOs

 

[Shirasaki]

I'm pretty sure there is for installers - when you go to install an app, there should be a lock icon up near the top of the window. Clicking on that shows the certificate.

Granted that won't work for apps that you copy from a DMG rather than _installing_ it, which I believe is how Transmission works.

Yeah, when installing Microsoft Office, I can see such icon. But for other apps, I cannot. Apple should show certificates for ALL apps running on Mac, not those which is installed on Mac.
If a program installed under Windows require Admin rights, Windows will let you see certificate of that program/executable by default, if they have one.

 

[mrxak]

Yes, I Know. I specifically printed " ... from the app's legitimate site ... ", not Apple! The "... paying Apple ..." means payback by the offended USA governments.

Blame is squarely on the app's (the application's) website - from where people are downloading the ransom-ware.

Do you see anything in my post that blames "Apple", the iPhone, Mac company that writes the software?

Like I said, it has nothing to do with Apple. You've come up with a conspiracy theory that makes no sense in light of that, so I really don't know what you're saying or why you're saying it.

 

[Marlos]

Someone made a video about what happens if the ransomware is executed (after those 3 days by adjusting the system time manually):

 

[msephton]

I really liked this app but lately development seem to have been slow on it and now this.
Is it time to change? Any recommendations ?

If it isn't broken don't fix it? Version 2.84 works just fine. Should apps be updated without any real need?

This malware hack is unfortunate, but I'll continue to have Transmission on my Mac for when I need to download torrents. It's still by far the best tool.

 

[DevNull0]

We could say the same about every your post, in the opposite way...

You could say that, but you'd be lying. Considering in the very post you're replying to I said you can't blame Apple for anything here.

 

[macbookprodad]

Luckily, I updated the app automatically when i prompted me to do so and I checked the signs of being infected and nothing was there.

Now updated to 2.92

 

[MH01]

I thought it was mostly for pirating Windows and Office.

It's a cover. You pretend to download a version of Windows or office, while you carry out the master plan of getting porn.

Just be prepared for the other half asking why you need so many versions of windows/office....including the silly one , buying a retail version....

 

[MacBH928]

If it isn't broken don't fix it? Version 2.84 works just fine. Should apps be updated without any real need?

This malware hack is unfortunate, but I'll continue to have Transmission on my Mac for when I need to download torrents. It's still by far the best tool.

I am scared to use it, maybe in the future this malware will come back?