


Over the weekend, the first instance of Mac ransomware was found in a malicious update to the Transmission BitTorrent client. Version 2.90 of Transmission downloaded from the Transmission website was infected with "KeRanger" ransomware.

"Ransomware" is a class of malware that encrypts a user's hard drive and files, demanding money to decrypt it. In this case, KeRanger would have required Mac users to shell out a bitcoin for decryption, equivalent to approximately $400.

Article Link: Transmission Malware Transmitted Through Server Hack, Downloaded 6,500 Times

In the pre-ransomware days I was a very high level systems administrator for a truly huge software/hardware company and that experience, along with the twenty or so years prior writing OS software for another big hardware vendor, caused me to not look fondly on "a new release of xyz is available" messages.

The sad truth is consumers haven't had the experience of blindly upgrading to the "latest and greatest", then having the entire world fall apart around them. They honestly believe the next release is always better than the last one, even if they aren't having problems with the last one. This sort of exploit was created by companies like MS and Apple with their automated software update process. I'm proudly running MacOS 10.6.8 on eight machines and two geographically separate networks. You can pry it out of my cold dead fingers :) It does what I want done and I've learned to work around the bugs (like having to set my system clock to 2012 before re-installing it).

This doesn't have anything to do with Tor or Torrent, it has to do with poor operational security. You just don't download stuff off the net and try it on the crown jewels to see what it does. If you're going to use experimental software from sources you either can't or don't trust, you put it on an expendable machine, isolate it from your network, and run it for awhile before you turn it loose in the kitchen. It's just common sense, folks. Most everyone this day and age has a laptop in the closet they don't use for real work anymore; that's your lab machine.

Use it. It could easily save you $400 and a whole lot of time.
 
Absolutely.

This was a breath of fresh air:



Everyone basically came together and said "Right, let's fix this fast," and they did. That's awesome.
I'm surprised the 'hackers' didn't disable the auto-update code. But it's still not going to help those already compromised.

Will only add more fuel to Apple wanting to exclusively sign all apps via the App Store.
 
Sorry if this was asked already. If you are using a standard user account would you be affected? I didn't think Transmission needed admin rights to install? Thanks!
 
Are you listening, Apple? This would not happen if you made it possible for torrent client authors to use your App Stores...

Blame Apple because users installed 3rd party s/w?

The blame is squarely on the Transmission devs. It was their server that was hacked into. Macs were merely a conduit here. Do you blame the power company when lightning hits your house and fries all your electronics?

Understand and take responsibility for the s/w you install. Apple isn't your guardian.
 
Why couldn't they have increased security before the attack? Seems to be the go-to line for companies saying how something like this won't happen again.
Because it costs money
I wonder how the developers will handle the first case of a user's system being compromised. Would the developers be considered at fault as it was their servers and their website that allowed the download, or would the blame fall to the user for installing via a website instead of through the App Store?
It's free software so the company didn't earn anything from the user though.
 
Not sure why you're asking for something aside from full backups - that is the clear answer. And not just full backups, but disconnected full backups are important, as ransomware often tries to compromise backups and network drives too.

Yes, keeping several independent backups is important. I try to keep a habit of putting family photos and videos on write-once discs; Blu-ray media is really inexpensive these days, so I keep some copies at relatives' as well in case my house is destroyed in a fire or whatever. Incidents like this, with Transmission (as mentioned elsewhere, could have been any type of program), motivate me even more to make proper backups.
-
BTW, all you who say only buy programs from the App Store: most of the programs I use are free - and often better for my needs than commercial programs. Many programs I use wouldn't even be accepted by the App Store. This ransomware attack could cause problems for many legitimate and proper open source programs, if the hack is modified and spread. It has little or nothing to do with torrenting (but it must be said that even Macs suffer from trojans and infected downloads, not like Windows, but still).

I assume "bigger" programs have better protection (can't bet on it though), but what if the program had been HandBrake, Audacity, Kodi, VLC, LibreOffice, Avidemux, Thunderbird? All these can be downloaded from many sites, legally, and if they are signed with Apple certificates most people would install them thinking they were the real thing.

So this ransomware issue is a problem for most Mac users, I reckon. I often try to find and download free software from the App Store, but most programs I need aren't there.
 
Does anyone have any recommendation on how to prepare for a ransomware attack? Let's say hypothetically I'm infected, aside from full backups, what other steps can I take? If I keep most of my important files on Dropbox, should I be okay?
Full backup is easy to do. Just make sure they can't also encrypt your backup.
 
Does anyone have any recommendation on how to prepare for a ransomware attack? Let's say hypothetically I'm infected, aside from full backups, what other steps can I take?
You can create a new standard user (non-admin) account on your machine (System Preferences).

In the following example the short name of the new account is "nonadmin" and I open iTunes with the privileges of the "nonadmin" user.

In the Terminal type:
Code:
sudo -u 'nonadmin' /Applications/iTunes.app/Contents/MacOS/iTunes &
and hit Enter! (tested on OS X 10.11.3)

Then close the Terminal tab/window and ignore the warnings! iTunes runs now with the privileges of the "nonadmin" user (see Activity Monitor).

Each account has a different preferences directory, so you need to set the preferences for your app (iTunes in this example). For the highest security set the download directory to something like:
/Users/nonadmin/Downloads

Also open the Finder Info window for each external volume and allow read/write access only for the admin user on your machine.

The malware cannot write encrypted data to directories/files which do not belong to the "nonadmin" account or which require an admin account.

If I keep most of my important files on Dropbox, should I be okay?
No, cloud storage services upload the encrypted files to your cloud storage, so that does not help.
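As an added example (not from the post or any MacRumors poster), this Python script models the claim above: given file ownership and POSIX permission bits, it lists which files a process running as the "nonadmin" account could overwrite, and it goes one step further than the post by also treating a file as at risk when its parent directory is writable (the file can be deleted and re-created encrypted), with the sticky bit as the exception. The user ids, group id and paths in the sample are constructed and assumed.

```python
import os
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "path mode uid gid")   # stand-in for os.stat_result fields

def can_write(e, uid, gids):
    """POSIX check: may a process running as uid (member of gids) open e for writing?"""
    if uid == 0:        # root bypasses permission bits, hence "don't run it as admin"
        return True
    perm = stat.S_IMODE(e.mode)
    if e.uid == uid:
        return bool(perm & stat.S_IWUSR)
    if e.gid in gids:
        return bool(perm & stat.S_IWGRP)
    return bool(perm & stat.S_IWOTH)

def can_replace(parent, e, uid, gids):
    """A read-only file is still lost if its directory is writable (delete, re-create
    encrypted), unless the sticky bit limits deletion to the file's or directory's owner."""
    if not can_write(parent, uid, gids):
        return False
    if stat.S_IMODE(parent.mode) & stat.S_ISVTX and uid != 0:
        return uid in (e.uid, parent.uid)
    return True

def exposure(entries, uid, gids):
    """Sorted paths a process running as uid could overwrite or replace (entries
    must include each file's parent directory)."""
    dirs = {e.path: e for e in entries if stat.S_ISDIR(e.mode)}
    at_risk = []
    for e in entries:
        parent = dirs.get(os.path.dirname(e.path))
        if not stat.S_ISDIR(e.mode) and (can_write(e, uid, gids)
                                         or (parent and can_replace(parent, e, uid, gids))):
            at_risk.append(e.path)
    return sorted(at_risk)

# Constructed sample (ids assumed): 501 = admin, 502 = "nonadmin", gid 20 = staff.
D, F = stat.S_IFDIR, stat.S_IFREG
SAMPLE = [Entry("/Users/nonadmin/Downloads", D | 0o755, 502, 20),
          Entry("/Users/nonadmin/Downloads/x.dmg", F | 0o644, 502, 20),
          Entry("/Users/admin/Documents", D | 0o700, 501, 20),
          Entry("/Users/admin/Documents/thesis.doc", F | 0o644, 501, 20),
          Entry("/Users/Shared", D | 0o1777, 0, 0),            # sticky, world-writable
          Entry("/Users/Shared/notes.txt", F | 0o644, 501, 20),
          Entry("/Volumes/Backup", D | 0o775, 501, 20),        # group-writable external disk
          Entry("/Volumes/Backup/photos.zip", F | 0o644, 501, 20)]
```

On a real machine, build the same entries from os.lstat (path, st_mode, st_uid, st_gid) for every file and directory under the home folders and external volumes; the group-writable backup disk in the sample is exactly the case the post's Finder Info advice closes.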
 
Just deleted every third party app (excluding Origin and Steam games) and also updated all my security in preferences. LOL. Hell no, this damn Mac was expensive enough.

 
I installed Transmission on Friday, and luckily I managed to install it a mere 30 minutes BEFORE the malware got uploaded. Talk about cutting it close.
 
I also have ZERO sympathy. But for people who know very little or who are completely oblivious to the real world use of torrenting and comment like they are in the "know" and lift their noses in disgust. I have several clients and collaborators who I constantly share very large files with. Many of my clients are game developers and video editors and they deal with large chunks of files that are much easier and quicker to download as a torrent as opposed to a large single file when collaborating.

Here are just a few examples of LEGAL everyday uses of torrenting:

  • Blizzard Entertainment uses its own BitTorrent client to download World of Warcraft, Starcraft II, and Diablo III games. When you purchase one of these games and download it, you’re actually just downloading a BitTorrent client that will do the rest of the work.
  • Facebook and Twitter Use BitTorrent Internally
  • Many government agencies use torrent files.
While yes, most pirated items are shared and downloaded via torrent files, not all torrent files are used for pirating. That's like saying that most car thieves use coat hangers to break into cars so anyone who uses a coat hanger must be a thief. Please!

I don't know about the government agency use cases, but the other examples you gave (with which I was already familiar) are situations where torrenting is used as an implicit, under-the-covers technology to solve a specific issue, ones that are not seen by the user, nor will they be impacted by this corrupted client. That's a far cry from someone downloading a torrent client onto their machine to use explicitly. Granted, there are legitimate uses for explicit torrenting, but the vast majority of people that download torrent clients onto their machines are doing it to steal music, movies, or other content that they should be paying for:
The data is out there. Most firms that research this data see such a preponderance of copyright infringement on p2p/bittorent networks, that they equate a rise in file sharing with a rise in piracy.
 