First Mac Ransomware Found in Transmission BitTorrent Client

[threesixty360]

It's in the Mac App Store guidelines:



Transmission has an option that lets it automatically add .torrent files without you having to do it yourself. This comes in useful if you're downloading a lot of things all at once - Legal uses... Humble Bundles and Archive.org stuff. I don't know if that would be easy to make happen in a sandbox considering apps like Alfred had to change to get in the MAS. Sandboxing is fine in most cases, but it doesn't make sense in a lot of cases either.

Open source code is open source, you can read everything that's going to be in the build you make.

Any website can be attacked. Apple, your bank, governments, etc aren't 100% safe from this either.

Renaming files in a folder the app has access to should be fine in a sandboxed environment.

The app just has access to a specific folder in user directory and that's that. The issue for transmission is maybe that it allows you to upload files from a folder anywhere. But even that could be restricted via an Api in a sandboxed envrioment.

What iOS has taught us is that devs by default want access to things they don't need generally. They want an easier life so they would rather have everything open.

However for 99% of tasks there are ways around it. There are very few programs that can't or haven't been made in some fashion on iOS that exist on the mac. Most things that aren't on iOS will be down to policy (I.e. No file sharing etc..).

Apples reputation on the mac rests on the fact that it's easier to maintain and more secure by default. I'm sure apple will do whatever it takes to defend this. I expect in the long run all mac apps will be sandboxed by default and users would have to explicitly allow access to the file system for an app.

And no app should have access to system wide encryption. What app needs that? You can't stop people breaking into a server and changing files. But you can stop what that app is allowed to do on a system.

 

[vexorg]

It's more amazing in a modern world that they cannot trace the money to find out who is behind it.

 

[beebarb]

It's more amazing in a modern world that they cannot trace the money to find out who is behind it.

If they weren't demanding payments in bitcoin they could've.
The fact that the bitcoin value makes no logical sense also raises red flags for so many people.

1 BTC is about 400 - 500 USD, 40,000 - 50,000 JPY, etc.
It kinda screams SCAM to a majority of the population.

Bitcoin's very design and more well known usage is seemingly labelling it as the currency of criminals.

 

[msephton]

I am scared to use it, maybe in the future this malware will come back?

Don't think like that.

Every Mac App download hosted on a website could contain malware. Every image or for your browse on the internet could. But they don't. You would never download anything ever again if you were worried about malware "coming back", because there generally has to be a user action to trigger it.

This is one remote incident and there was fast action from Apple to nullify it for affected users. As well as responsible action from the developer to fix the problem.

Sure, learn from the incident. Understand how it happened (website was hacked, modified version of a trusted app was replaced, small number of people affected) and how it was nullified (quickly, by all involved parties). But don't let it paralyse you to not trust apps and downloads.

 

[Max(IT)]

I thought it was mostly for pirating Windows and Office.

fortunately sex still is more important than computing ....

 

[mountain]

dangerous zone.

 

[vexorg]

If they weren't demanding payments in bitcoin they could've.
The fact that the bitcoin value makes no logical sense also raises red flags for so many people.

1 BTC is about 400 - 500 USD, 40,000 - 50,000 JPY, etc.
It kinda screams SCAM to a majority of the population.

Bitcoin's very design and more well known usage is seemingly labelling it as the currency of criminals.

At some point bitcoin must come out to real people. It would not be difficult for banks across the world to clamp down on bitcoin use if they refuse to have transparency. I've surprised even more in the state of terror we live in that all governments are not insisting on it to track money.

 

[unplugme71]

Maybe you should just let it rest.
It's getting embarrassing.

I'm sorry you feel embarrassed of your original post.

 

[ErikGrim]

Someone made a video about what happens if the ransomware is executed (after those 3 days by adjusting the system time manually):

Stop. Saying. Oh. Es. Ex!

 

[Chazz08]

The encryption works if someone from outside try to decode your drive. But if your user run a server to serve all your HD, even if this one is encrypted, the virus / mal ware uses your user who is allowed to decrypt files to read an re encrypt them... So encrypting stuff will not help in this case. The best thing to do is avoid clicking on weird stuff and in that case, wait few weeks before doing updates...

Thanks for the explanation! Always love to learn something new! Yeah. I know not to do that. haha. I have so many customers I have to explain that to. "If something pops up, that doesn't mean to tap on it." Mostly with Android phones. hahaha. I actually have Intego as well since I work with other people that have Windows computers, so I'm sure that would stop this threat, too. They just updated their definition log.

 

[You are the One]

First OS X ransomware actually a scrambled Linux file scrambler

 

[blasto2236]

So...did anyone actually get infected? Seems like much ado about nothing a week later...

 

[You are the One]

So...did anyone actually get infected? Seems like much ado about nothing a week later...

It was a very short time span to get infected, so you really had to have some bad luck to get it.

 

[Weaselboy]

So...did anyone actually get infected? Seems like much ado about nothing a week later...

I think the time delay on execution probably resulted in most people wiping the malware before it was able to do anything. The only comment about actual encryption I saw was this Tweet from the dev. of Malwarebytes.

 

[blasto2236]

It was a very short time span to get infected, so you really had to have some bad luck to get it.

I narrowly avoided it myself, as I was loading a brand new Mac full of apps in this exact time frame. Downloaded and installed about 12 hrs before it was infected, apparently.

 

[ISanych]

Could you explain why someone using OSX would need to worry about downloading Linux? If I were to be interested in using Linux I would grab a PC and stick it on to that. Linux is a great project and long may it live, but why would you put an open source project on your Mac if you were remotely worried about security?

Because I use Windows for games, linux for work - I have no use for mac os. I'm booting in Mac OS X once in a year - to upgrade it. Am I still allowed to own macbook?

 

[vexorg]

Am I still allowed to own macbook?

No!!!, go sit in the corner

You could use something like parallels and have it all in VM, easier to back up the images as often as you want that way.

 

[LordVic]

No!!!, go sit in the corner

You could use something like parallels and have it all in VM, easier to back up the images as often as you want that way.

depends on how much resources his mac has to be honest. Parralells is still a VM system, which means you've got the overhead of your host OS running. If he's in Windows 90% fo the time, There's really no need for OSx's overhead.

 

[vexorg]

I suppose it will depend on his machine spec, I've got an i7 with 16Gb memory, so windows runs pretty much as fast as I'd expect from a typical PC.

 

[ISanych]

No!!!, go sit in the corner

You could use something like parallels and have it all in VM, easier to back up the images as often as you want that way.

Well, there is one area where vms are not good yet - gaming. Last time when I've tried parallels it impressed me with gaming performance, but still it was half of fps which I was getting natively. So I run windows in bootcamp and linux vms in virtualbox there.

 

[ForkHandles]

Because I use Windows for games, linux for work - I have no use for mac os. I'm booting in Mac OS X once in a year - to upgrade it. Am I still allowed to own macbook?

Absolutely, no problems here. So you login to Mac OS X just to run the updates and take things from Torrent? Can't you Torrent from within Linux? I assume that if you never use Mac OSX then in fact this Torrent issue would never affect you. Hence Were back where we started, the vast majority of people who Torrent do so in order to steal.

 

[vexorg]

Hence Were back where we started, the vast majority of people who Torrent do so in order to steal.

And why european ISPs block torrent search sites.

 

[palmerc]

Or condemning roads because robbers use them to flee. Or condemning Privacy because some people commit crime and don't tell others about it.

Let's get the analogy right, BitTorrent is like a private road used for robbers, thieves and the occasional Linux distribution.

 

[vexorg]

Let's get the analogy right, BitTorrent is like a private road used for robbers, thieves and the occasional Linux distribution.

As said, if torrent was more legal then it would not be blocked in the EU. Seems to be pretty much 99% illegal software, cracks, music, tv, movies and porn.

Let's face it, if you could get the files legally then there anyone with half a brain would choose the legitimate way rather than risking whatever comes from someone else's dodgy PC or mac. Even linux, who in their right mind would trust a open source OS torrent download for their main OS.