They released Transmission 2.92 which should automatically remove the malware:
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
First Mac Ransomware Found in Transmission BitTorrent Client
- Thread starter MacRumors
- Start date
- Sort by reaction score
You couldn't use Github?
As a motion graphics designer, I share multi-gig files with my clients all the time. We use WeTransfer, Hightail, Dropbox, Box, etc. And for my home automation I got code files from Github. Saying bit torrent isn't MAINLY used for pirating is just being disingenuous and skirting the issue. And when you lie down with dogs, you'll get fleas.
While it remains unclear whether this particular malware encrypts backups, it's a risk with any ransomware. Some of the Windows ransomwares delete "shadow copies" which is a time machine-like feature. The only true backup is offline, offsite backup.
I used https://build.transmissionbt.com to download the newest builds because of the earlier installer snafu, but haven't upgraded for some time. Mine seemed fine and there is no trace of the malware on my computer. Upgraded to the lastest version now and all seems ok. Transmission is a good OSX bitTorrent client imo.
I'm a fanatic LittleSnitch user so I would have caught it trying to call home.
I read through the tech notes fast and didn't catch if the malware requires connection to a CC-server in order to start the encryption process.
Good catch by the PA-people, thank you.
I'm a fanatic LittleSnitch user so I would have caught it trying to call home.
I read through the tech notes fast and didn't catch if the malware requires connection to a CC-server in order to start the encryption process.
Good catch by the PA-people, thank you.
Because utorrent is now a bloated turd, and its devs have gotten real greedy. Transmission is miles ahead, any anybody who's *actually* savvy with computers will stay away from all recent versions of utorrent.
Of course there are free apps. There are fewer than in the iOS App Store, possibly, in part, because OS X and Windows apps have a long history of using a somewhat different business model than evolved for iOS. As time goes by, that's been evolving.
(A) agreed. Though with this kind of malware I hope your backups and physically remote and read-only.
(B) Bull$hit. I used Bit Torrent all the time to download Linux ISO images. It's the preferred method for distributing images because it's less load/bandwidth.
Actually the whole pirating debate is disingenuous and skirting the issue. Piracy has nothing to do with this: the software was obtained from the official developer website: it could have been a videogame or a text editor or whatever. The issue is that the developer of a relatively popular application was compromised and infected installers were distributed.
Relevancy of piracy: exactly zero.
I do. But there are a lot more people using and running Linux than using OS X. Seeing as torrents have been a legitimate way for Linux distribution, and you can dual boot a Mac into Linux it may well be more popular for legitimate use than you think.
Gatekeeper stops the infection from spreading further after it was detected and the certificate was revoked. And with code signing you can be sure the app wasn't altered after release. So it all comes down to how difficult it is to sign an infected version of the app with a verified developer account?
Do you really think there are more people running Linux than OSX?
unbelievable luck. I downloaded Transmission early on Saturday to fetch several Linux ISOs. I ended up with the infected version and only discovered after seeing this post (gatekeeper was not updated at the time I downloaded and launched). kernel_service was running under my logged-in user ID.
The bizarre thing is that I hardly ever use BT - it wasn't on this laptop that I bought about a year ago - and just did on a whim because the HTTP fetches were looking a little slower than I wanted.
I'm very skeptical about downloading new apps and trusted this based upon reputation (Transmission has been around for years).. The disturbing thing is how this exploit found its way in without the developer's knowledge. I have several tools (both commercial and open-source) that aren't available through the App Store because their functionality doesn't fit the sandbox.
There's no real solution to these other than to run all untrusted apps on a sacrificial machine (or virtual machine).
The bizarre thing is that I hardly ever use BT - it wasn't on this laptop that I bought about a year ago - and just did on a whim because the HTTP fetches were looking a little slower than I wanted.
I'm very skeptical about downloading new apps and trusted this based upon reputation (Transmission has been around for years).. The disturbing thing is how this exploit found its way in without the developer's knowledge. I have several tools (both commercial and open-source) that aren't available through the App Store because their functionality doesn't fit the sandbox.
There's no real solution to these other than to run all untrusted apps on a sacrificial machine (or virtual machine).
Quite ironic that this came in with a Bit Torrent client. How apropos. It takes a thief to know one I guess.
The main server platform of choice is Linux. I have 2 Macs, for example, each running an instance of OS X. On one I can dual boot into Linux on the other (an older Mac Pro) I have 1 version of OS X and 4 versions of Linux I can boot into. A lot of admins do the same sort of thing.
So, yes.
And it takes an ignorant to think that bittorrent clients are per se questionable software. Or a troll.
Because websites of closed source software cannot be hacked? How the heck is this relevant?
Actually the Apple Store doesn't offer a complete solution either: getting malware from the official Store is still possible. Only a few months ago thousands of apps from the App Store had been found to be compromised by malware.
why you don't use qbittorrent ? it's open-sourced , lightweight , no ads , and keeps updated every few weeks!
That doesn't make sense. There are plenty of perfectly legitimate uses for bittorrent, you only have to look at https://bundles.bittorrent.com to see some of them.
I also had an enterprise use case for it years ago - customer needed to distribute multi-gigabyte file to thousands of servers across a wide network every night. We evaluated several options before settling on bittorrent. Point-to-point transfers were completely infeasible.
You'll also find that governments, non-profits, Linux distros, NASA, etc all use bittorrent to distribute large chunks of data to the general public.
Im guessing if I don't torrent, I probably don't need to care about whatever this is (sounds bad).
Funny I saw this the other day http://www.mackungfu.org/dump/apple_unix_ad.jpg. The underlying system and ability to interact with remote Linux systems out of the box is one of the reasons I still use osx today. Just found your reply funny as it sounded like. You think more people watch television than tv.
Most of the web and probably this site is hosted on a Linux server. Devs and system admins probably at least have Linux running in vagrant or such on their computer.
If you're not using Time Machine then start right now. Think of this malware as just another kind of hard drive crash. If you're weren't using Time Machine you were a dead man walking anyway.
Use it.
Use it.