Funky Stuff(s) After the Transmission Breach

Discussion in 'macOS' started by kaans, Mar 8, 2016.

  1. kaans macrumors member

    Joined:
    Nov 17, 2014
    #1
    I upgraded Transmission from 2.90 as soon as it asked, my instincts told me to wait, but I upgraded anyway, tho I had no issues with the current version, I think I somehow avoided the Ransomware tho, I read the article in detail later on: researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/ - the .kernel files aren't there, so I hope I avoided it completely

    Story aside, to the funky stuff:

    So I noticed OSX was flashing the screen even though I reduced the brightness to 0, it's kind of a feature, even if you set the brightness to 0, sometimes it just flashes the screen, to let you know the system is alive, right after you disconnect an external monitor for example

    So I shut down OSX, while I do my external work

    When I logged back in, my Apple Account was locked out for security, so I prompted to iforgot.apple.com (Which does explain the initial funky behaviour)

    Everything is seemingly back to normal, for now, since I restored my password

    However the paranoia remains, anyone else experience the Apple Account Lock?
    I think, Apple might be doing this to everyone who has Transmission installed, any ideas?

    (Once again, I agree with those who state Apple should improve its Mac App Store to prevent issues like this from happening, it should be practical and capable so apps can use the App Store)
     
  2. bent christian Suspended

    Joined:
    Nov 5, 2015
    #2
    That has not happened to me and I use Transmission.

    People claim that AV is unnecessary in OSX. This incident is one more reason to use an antivirus application like Malwarebytes. Attacks like this are likely to happen more frequently in the future.
     
  3. kaans thread starter macrumors member

    Joined:
    Nov 17, 2014
    #3
    I disagree, an antivirus application will have total control over the system, if the AV application itself gets breached, it's game over - I don't even install Virtualbox on my OSX, I avoid any installer that needs admin permissions, like most OSX users I assume, Transmission was great as it's just copy-to-install

    If I had time, I would write an app called "OSX Security Watch" - which would only watch the appropriate news channels for security breaches and report them to the end users, with this issue, swiftness was the solution

    Anyway, let me know if the same thing happens to you too, it happened to me 24+ hours after the 2.92 Transmission update
    I restarted right after the fix, shutdown, and after power-up, the password was revoked, so some cycles might be needed
     
  4. bent christian Suspended

    Joined:
    Nov 5, 2015
    #4
    No, that is not how Malwarebytes works. It is a passive scanning system.
     
  5. IHelpId10t5 macrumors 6502

    Joined:
    Nov 28, 2014
    #5
    Malwarebytes would not have stopped this. Currently, antivirus applications for the Mac stop nothing, yet are themselves a potential *addition* of potential vulnerabilities and system instability that were not present in the OS in the first place. With Gatekeeper, XProtect, and SIP, the Mac OS has plenty of protection that taken together is far more effective than any third party security application. It's not that experienced Mac OS users are saying that the Mac OS is immune to infection. Instead, it's that 3rd party security applications for the Mac are currently just a useless money grab advertised using pure FUD that is accepted by the majority of less informed users because they read it on Web "media" sites that have no journalistic integrity whatsoever.

    It amazes me how few articles you see about the threats that 3rd party security products actually introduce into operating systems. Therefore, until drive-by infections become possible in Mac OS, and antivirus proves its utility, the only intelligent choice is to not weaken your Mac OS with unnecessary antivirus crapware.
     
  6. bent christian Suspended

    Joined:
    Nov 5, 2015
    #6
  7. IHelpId10t5 macrumors 6502

    Joined:
    Nov 28, 2014
    #7
    You just somewhat proved my point. Malwarebytes did nothing to stop you from infecting your Mac! It's an unfortunate fact that on any OS, software updates that come from the vendor's server are not going to be caught by antivirus until it's far too late. By the time you manually ran that scan with Malwarebytes, Apple had already revoked the certificate for the ransomware and added it to XProtect. It would have protected you just the same.

    At least Malwarebytes is just an on-demand scanner. Real-time "protection" for Macs are the products that are really the dangerous ones. However, what happens if the Malwarebytes' updater ever gets hacked like Transmission? I continue to insist that *every* application installed on a computer is a liability, even antivirus applications.
     
  8. bent christian Suspended

    Joined:
    Nov 5, 2015
    #8
    One more time for the hat trick!

    Malwarebytes found nothing, because there was nothing to find. My Mac was not infected. I updated through the application. This is the safest method.
     
  9. thomasareed macrumors member

    Joined:
    Aug 24, 2015
    #9
    If you updated through Transmission's self-updating mechanism, you were never infected. The update was safe. It was only if you downloaded it from the Transmission website that it would have been a problem.

    I don't know what might have caused the other problems you mention, but it's not related to the KeRanger malware.
    --- Post Merged, Mar 10, 2016 ---
    Not quite. I've seen a number of people who have had their files encrypted, despite the 3-day delay timer KeRanger used. It infected people within a very short window between March 4 and 5, but once someone had opened it prior to Apple blocking it, XProtect and Gatekeeper were out of the picture. XProtect and Gatekeeper are good protection, but they're only effective the first time you run something.

    Malwarebytes detected KeRanger on the 6th, 24 hours before the first possible "detonation" of the ransomware. A scan with Malwarebytes during that time prior to "detonation" would have disinfected anyone who had gotten themselves infected, before their files were encrypted.

    By that logic, you might as well stop using your computer. OS X itself could be hacked far more easily than some third-party app installed on your Mac. There's no point bothering with such things when there are known vulnerabilities in OS X that would allow malware to get past Gatekeeper and XProtect undetected and completely pwn your system.

    It's good to be smart about what you're downloading. It's not good to fear the wrong things while not fearing the right things enough.
     
