Can't really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) which have little or no legitimate use other than piracy

Judgey Wudgy Was A Bear

Awfully judgemental of you and not a helpful answer either. There are numerous reasons for the client but you've already made up your mind I guess.
 
Users who updated within the app are fine. Only direct downloads from the site were affected.

I've seen this quoted on this thread a bunch of times, but cannot find any verification of it anywhere other than checking my own system (as I updated within the app as well) to see that while having gotten 2.90 from the in-app updater, I otherwise had no trace of the malware running on my system. Is there any official word from either Transmission or Palo Alto Networks that confirms this?

Which is to say that while the wording "downloaded from their site" is used, I have not read any language that expressly rules out versions downloaded from the in-app updater.
 
This still doesn't mean bittorrent users can be all generalised as pirates, even assuming your figures are correct and even assuming I should care about the definition of "illegal material" in your specific jurisdiction.

If you assume his figures are accurate then that is a very good generalisation.
 
That doesn't make sense. There are plenty of perfectly legitimate uses for bittorrent, you only have to look at https://bundles.bittorrent.com to see some of them.

I also had an enterprise use case for it years ago - customer needed to distribute multi-gigabyte file to thousands of servers across a wide network every night. We evaluated several options before settling on bittorrent. Point-to-point transfers were completely infeasible.

You'll also find that governments, non-profits, Linux distros, NASA, etc all use bittorrent to distribute large chunks of data to the general public.

A company I used to do some programming work for uses BitTorrent to transfer legally licensed movie content to hotels around the world to play the latest hollywood blockbusters (and other more adult related content) in hotel rooms. This is part of a fairly sophisticated content distribution system with movie files encrypted on receipt from the studios and distributed via torrent to local servers in each hotel which had decryption keys to allow local playback. The BT distribution just happened to be a very effective and efficient mechanism to distribute large files to multiple locations making best use of the network topologies available. If you understand how BT works then you'll understand why it was chosen in this scenario.

That said, yeah most folk use it to pirate content.

Personally I prefer to buy Blu-rays when they are cheap (from supermarkets usually) and then rip and transcode them and put them on my local network to stream through Apple TV and other devices. If anyone wants to do that then I would strongly recommend using this toolset: https://github.com/donmelton/video_transcoding (Don Melton used to work as a Director at Apple and was in charge of developing the Safari web browser; now he has retired, video transcoding is his passion).
 
This is why I never updated to 2.90... I stayed with 2.82 after seeing this message till the next 2.91 came out.

Strange, because I never saw all of that stuff. All I saw was the first two lines, and the remaining paragraph wasn't there, but I had a feeling it was due to the software being an issue, so I'm glad I held off till the update to 2.91.

Alternatively, I thought of just sticking with 2.82 *shrugs*

If it's anything like Windows, where malware can "jump" to infect other connected devices etc., I would bet the same would be true on Mac with this... Dunno. But if I had this, I wouldn't even take the chance of leaving anything connected.

But if not, that would be the next logical step for ransomware on Mac.

It was only time we had to wait.
 
Phew, that was close. Checked both my Macs, they are clean.

I did wonder why the rMBP was refusing to download a Transmission update yesterday.
 
This is disappointing, particularly because bittorrent clients, and torrenting itself, have always been argued to exist for piracy. Now the clients are doing fishy things to users. I know a Windows uTorrent client was installing bitcoin mining software in the background too. Shame.
 
Can't really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) which have little or no legitimate use other than piracy

There's so much legitimate software distributed through BitTorrent these days: all major Linux distros and actually almost all games from humblebundle.com and that includes software of some of the largest game developers around. Maybe if you don't know what you're talking about, how bout a cup of ****?
 
They released Transmission 2.92 which should automatically remove the malware:

*should* being the word that is not in my vocabulary. The only way not to get this is to not upgrade to 2.90, but I also blame the developer for not even knowing and not acting quickly...
 
1) People still running 10.6.8 were unaffected :p.

2) The last time anyone installed a Blizzard game, they were using bittorrent.

3) Bittorrent is literally the only way you can get certain legal files, such as chess tablebases. They are way too large to be distributed in any other way. These tablebases are much, much larger than a blu-ray disc and the bandwidth costs would be insane.

4) Anyone who uses utorrent probably had their machine turned into a bitcoin miner without their knowledge. Plus utorrent looks like crap and is adware.

5) I'm one of those people who downloads Linux distros using his Mac. Yes, we do exist, and if you're interested in Linux you tend to try out a lot of different distros which means a lot of bittorrenting.

6) This is a classic case of hackers going after the low-hanging fruit, targeting the weakest point in the security chain, which in this and many cases was the developer's website, not their software. They turned the developer's website into a distribution channel for a trojan, and took advantage of the open-source nature of the software to produce a trojan that looked legitimate and would work normally for a few days before unleashing the malware. If you want to get mad at anything, get mad at insecure websites.

7) This only happens because people actually pay the ransom. If you want this sort of thing to stop, have proper offline backups and never negotiate with terrorists of any variety.
 
I wonder why you need to kill kernel_service if the encryption is already underway. Wouldn't that leave a corrupted drive, causing more damage than it fixes?

Looks like Apple has updated XProtect for this KeRanger malware already. This is from my xprotect.plist file.


What's the path to this in OS X?
 
Are you joking? uTorrent has a horrendous history of bundling adware and even a goddamn bitcoin miner into their crap app.
But most of us have figured out how to block it in Hosts, or run an old pre adware version as they work as well as the newer versions. Such emotion over a nit that's easy to get around.
 
Do a lot of people with Macs download Linux?

You'd be surprised how many people do. The Mac is a nice platform with good hardware but Linux is much better for doing certain types of work, especially development. I personally use Linux not only as a server/deployment platform but also to do my day job (I'm a technical writer who uses asciidoctor primarily). I also develop on and for the Raspberry Pi so I'm often downloading different images to flash to SD card. I use Pis like appliances: print and airprint server, home intranet, SSH/VPN box, wireless speaker system and I know my usage is hardly unique.

I know a lot of people who run Linux VMs or bare metal for development in Java, Rails, PHP, Node, Mono and C on Mac hardware.

Apple hardware gives you a nice designed laptop with a good trackpad. OS X is a half-decent UNIX box with support for proprietary apps when you need them and is mandatory for iOS development. Linux gives developers much more control, performance, better package management and an environment that's the same as their deployment target.

In fact I think OS X is a good avenue into Linux, especially for technical users and those of us who like performance and a file system that doesn't suck as badly as HFS+!
 
What puzzles me is what consequences to take personally. Any 3rd party software not distributed through the App Store could pose the same risks. All it takes is a stolen identity for a developer certificate and an unpatched distribution server.

Ideas so far:
- have a secondary backup disk that only gets connected once a month or so
- little snitch
- run a VM to try out new software to minimise exposure
 
Seven pages and no one has mentioned the very specific conditions required for you to self-infect?

1) You'd have to have downloaded the dmg from the website between 11:00am PST, March 4, 2016 and 7:00pm PST, March 5, 2016
2) Have opened the General.rtf file on the dmg
3) Have actively blocked gatekeeper from updating

These are all very specific conditions. If you have used Transmission before and auto-updated you are safe. If you don't open read me files you are safe.

Which makes me wonder why people are panicking over this. And also, if the hackers could compromise the official website with a dmg, why not poison the executable itself instead of relying on the user clicking a fake text file?
 
What puzzles me is what consequences to take personally. Any 3rd party software not distributed through the App Store could pose the same risks. All it takes is a stolen identity for a developer certificate and an unpatched distribution server.

Ideas so far:
- have a secondary backup disk that only gets connected once a month or so
- little snitch
- run a VM to try out new software to minimise exposure

The Mac App Store isn't safe either.
 
Any 3rd party software not distributed through the App Store could pose the same risks

Exactly, this is a security issue, not an app or OS problem. Even so, nothing is truly safe, not even the Mac App Store - it wasn't long ago that a bunch of apps on the iOS store were discovered with malware.

Back to this issue, something similar happened to the Linux Mint project a week ago; their website was compromised (through a Wordpress exploit) and the ISOs (and checksums) were replaced with an ISO loaded with malware.

As someone else noted, hackers are going after easy pickings. We're going to see more attacks like this so be careful before you download third-party apps and feed it your password.
 
And with code signing you can be sure the app wasn't altered after release.
This incident shows the opposite. The certificate is not the same that is usually used by the developers of Transmission. Likely it was stolen from a legit developer. Then they modified the installer package (removing the original signature in the process) and re-signed the modified version.
So it all comes down to how difficult it is to sign an infected version of the app with a verified developer account?
Signing an installer package is trivial if you have access to a certificate.
 
1) You'd have to have downloaded the dmg from the website between 11:00am PST, March 4, 2016 and 7:00pm PST, March 5, 2016
2) Have opened the General.rtf file on the dmg
3) Have actively blocked gatekeeper from updating

2 and 3 are not required conditions. How do I know? It happened to me with a fully updated El Cap. There was a time window between compromise and notification where Gatekeeper was not aware / updated.

1. Downloaded Transmission from website (didn't already have it).
2. Opened Transmission (got the "you are opening this for the first time" warning)
3. Downloaded a couple of f23 ISOs from https://torrents.fedoraproject.org
4. Closed it when finished.

This morning I saw the news and checked: I had the kernel_service running, files in ~/Library. Fortunately 3 days had not elapsed and everything was intact.
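As an added example (not code from this thread or from the Transmission project), the following POSIX shell script turns two points made in the posts above into checks a defender can run: the code-signing post (a tampered build re-signed under a certificate that is not the developer's usual one, so its Team ID differs from the one you expect) and the last post's indicator (a process named kernel_service running). The codesign and ps output embedded in the script is constructed so it runs offline, the Team ID values are placeholders rather than Transmission's real one, and the path of the kernel_service process is an assumption.

```shell
#!/bin/sh
# Added triage example; not code from the thread or the Transmission project.
# Two checks drawn from the posts: (1) the app's code-signing Team ID is not
# the developer's usual one, (2) a process named kernel_service is running.
# All sample output below is constructed so the script runs offline.

# Placeholder for the Team ID you recorded from a known-good install
# (not Transmission's real Team ID).
EXPECTED_TEAM_ID="EXPECTEDTEAM01"

# Constructed sample of `codesign -dvv <app>` output for a re-signed bundle.
SAMPLE_CODESIGN_OUTPUT='Executable=/Applications/Transmission.app/Contents/MacOS/Transmission
Identifier=org.m0k.transmission
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Some Other Developer (OTHERTEAM0002)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=OTHERTEAM0002'

# Constructed sample of `ps -axo comm=` output; the kernel_service path is assumed.
SAMPLE_PS_OUTPUT='/sbin/launchd
/Applications/Transmission.app/Contents/MacOS/Transmission
/Users/me/Library/kernel_service
/usr/sbin/cfprefsd'

# Print the TeamIdentifier field from codesign output read on stdin.
team_id_of() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Succeed only when the Team ID on stdin equals EXPECTED_TEAM_ID.
signing_team_ok() {
    actual=$(team_id_of)
    [ -n "$actual" ] && [ "$actual" = "$EXPECTED_TEAM_ID" ]
}

# Print every ps line whose command name is exactly kernel_service.
suspicious_processes() {
    grep -E '(^|/)kernel_service$'
}

# Run both checks; return 0 when clean, 1 when any indicator is present.
triage() {
    codesign_out=$1
    ps_out=$2
    status=0
    if printf '%s\n' "$codesign_out" | signing_team_ok; then
        echo "signing: Team ID matches $EXPECTED_TEAM_ID"
    else
        found=$(printf '%s\n' "$codesign_out" | team_id_of)
        echo "signing: Team ID is '${found:-missing}', expected $EXPECTED_TEAM_ID"
        status=1
    fi
    hits=$(printf '%s\n' "$ps_out" | suspicious_processes || true)
    if [ -n "$hits" ]; then
        echo "process: kernel_service is running:"
        echo "$hits"
        status=1
    else
        echo "process: no kernel_service"
    fi
    return $status
}

# Demonstration against the constructed samples (both indicators fire).
if triage "$SAMPLE_CODESIGN_OUTPUT" "$SAMPLE_PS_OUTPUT"; then
    echo "result: clean"
else
    echo "result: indicators found"
fi
```

On a real Mac, `codesign -dvv` writes its report to stderr, so the live form of the first check is `codesign -dvv /Applications/Transmission.app 2>&1 | signing_team_ok`, and the second is `ps -axo comm= | suspicious_processes`. The Team ID comparison only means something if you recorded the genuine developer's Team ID from a known-good install beforehand; Gatekeeper's own verdict (`spctl --assess --verbose` on the bundle) complements it, since that also reflects certificate revocation and XProtect updates once Apple reacts.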
 