Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Transmission Malware Transmitted Through Server Hack, Downloaded 6,500 Times

I still say its the developer... if the server was attacked, why was it still online serving infected downloads ? I would of thought in this day and age every admin would have scripts which notify of such things asap. (eg.. if a process is not responding, then u get emailed. and u know something is a miss.)

ummm ...

What is going on here....? Seem sever is stlll infected? I'm on 2.91 currently
 

Attachments

  • Screen Shot 2016-03-08 at 10.00.46 am.png
    Screen Shot 2016-03-08 at 10.00.46 am.png
    180 KB · Views: 234
Last edited:
Guess I dodged a bullet... Downloaded this app based on a recent site recommendation (gee thanks 9to5 Mac) but because i've been sick I hadn't gotten around to installing it. That disk image has now been eradicated from my machine. Good riddance.
 
pat500000 said:
Uggh.......UGGHHH........UGGGGGGGHHHHHHHH.

Why attack transmission?
Click to expand...
I’m not sure, but Transmission is a BitTorrent client, and BitTorrent is often used for illegal file transfers. So, it very well could have been a government agency as a means of law enforcement.
[doublepost=1457403776][/doublepost]
Rigby said:
In this case it wasn't possible to install from the app store, since Apple doesn't allow Bittorrent clients on the store for some reason. So I guess you could also blame Apple. ;)
Click to expand...
Since BitTorrent is often used for piracy, I’m not surprised.
 
jblagden said:
I’m not sure, but Transmission is a BitTorrent client, and BitTorrent is often used for illegal file transfers. So, it very well could have been a government agency as a means of law enforcement.
[doublepost=1457403776][/doublepost]
Since BitTorrent is often used for piracy, I’m not surprised.
Click to expand...

That is the most absurd thing I have heard.

It was attacked simply because some hackers found a vulnerabiliy and knew this was a popular client that would be downloaded by a lot of people. They are demanding money.

This is not the govt penalizing people. If it is, it would be a rogue group subject to criminal prosecution themselves.
 
  • Like
Reactions: kdarling
It's a shame that Bit-Torrent is atomactically categorized has a software pirating platform. However, I understand that's what it is used for majority of the time. I don't pirate software, but I do use Bit-Torrent for legitimate open source software distribution. I am looking forward to seeing how the tech reporters respond, and hear their follow ups, if they do now that Apple has reportedly fixed the issue.
 
jblagden said:
I’m not sure, but Transmission is a BitTorrent client, and BitTorrent is often used for illegal file transfers. So, it very well could have been a government agency as a means of law enforcement.
[doublepost=1457403776][/doublepost]
Since BitTorrent is often used for piracy, I’m not surprised.
Click to expand...
Yeah, it is used for piracy...but there are people using to transfer files...and sometimes people do give legal free stuff to download...
 
WigWag Workshop said:
It's a shame that Bit-Torrent is atomactically categorized has a software pirating platform. However, I understand that's what it is used for majority of the time.
Click to expand...
I think this logic is a bit ridiculous. Bittorrent is a technology for efficient file distribution (and a pretty ingenious one), nothing more. There was a time when MP3 (also a brilliant technical innovation) had the stigma of being a music pirating format, since it was primarily used for that before digital music stores became popular. Similarly, many people today think that Bitcoin is only used by criminals and money launderers, but in reality it's a breakthrough innovation whose underlying mechanisms (like the block chain) will likely be used for many interesting applications in the future. This kind of thinking just holds back innovation.
 
  • Like
Reactions: WigWag Workshop
aroom said:
Little Snitch is definitely a must have.
Click to expand...

Yes it is, it can be annoying (especially at first) but it could save your ass if something like this hit you. Just have to make sure you don't get into the habit of hitting allow to everything.
[doublepost=1457408933][/doublepost]
MacHead84 said:
kernel_task is running under Activity Monitor.
Should that worry me?
Click to expand...

No, you should be ok. Its "Kernel_Service" you need to be worried about.
 
  • Like
Reactions: MacHead84
eoblaed said:
Torrenting is used overwhelming for pirating. I have zero sympathy for those that pirate.
Click to expand...
Right, because piracy = bad, and there are absolutely zero circumstances where it would be justified and/or the only option. You just keep on thinking that ;)

Oh, and there are plenty of non-piracy uses for BitTorrent. It's simply a method of file transfer that has many practical applications. In fact, even Apple runs a BitTorrent tracker, and its purpose is most likely not piracy.
 
In the meantime .....
"Apple to pay $450 million as U.S. Supreme Court rejects e-books price-fixing appeal"
"Apple’s liability for knowingly conspiring with book publishers to raise the prices of e-books is settled once and for all"
 
And while we all just "uninstall or upgrade" to something we never will know if another uodate "promises" to remove it, or completely, i will do the same as i woukd on Windoes..

Clean install... I dunno why un the Apple world we all thing different just because its more secure.

Can't u hide stuff as well on Mac? Of course u can. So i use the same rules.. I won't install until i know this guy's server is ok. I'm not going to forever updating thinking jt may remove, on,y to get bugged again tommorrow.
 
The company has since changed the server security settings from the default setting of 'Pretty Secure' to the maximum setting of 'Super Secure' as everyone wondered aloud why the default setting wasn't 'Super Secure' in the first place.
[doublepost=1457415613][/doublepost]Didn't Kernel Service fight with Rommel in north Africa
 
gugy said:
None, so far. Just wondering if Vuze is can have this sort of issue.
Click to expand...
It can happen w Any app
[doublepost=1457416203][/doublepost]
Tech198 said:
And while we all just "uninstall or upgrade" to something we never will know if another uodate "promises" to remove it, or completely, i will do the same as i woukd on Windoes..

Clean install... I dunno why un the Apple world we all thing different just because its more secure.

Can't u hide stuff as well on Mac? Of course u can. So i use the same rules.. I won't install until i know this guy's server is ok. I'm not going to forever updating thinking jt may remove, on,y to get bugged again tommorrow.
Click to expand...
The thing is Apple os is as secure as Windows. It's just less appealing due to numbers of infected users. Nevertheless this type of hack can happen w any os that can do installs outside of a closed store.
 
redheeler said:
Right, because piracy = bad, and there are absolutely zero circumstances where it would be justified and/or the only option. You just keep on thinking that ;)

Oh, and there are plenty of non-piracy uses for BitTorrent. It's simply a method of file transfer that has many practical applications. In fact, even Apple runs a BitTorrent tracker, and its purpose is most likely not piracy.
Click to expand...

I direct you to a later post of mine where I address legitimate vs. non-legitimate uses and the difference between the tech being used implicitly by servers vs people using it to steal. There are several supporting links that point out the overwhelming majority of file-share traffic is illegal.

https://forums.macrumors.com/thread...aded-6-500-times.1960103/page-3#post-22646467

Oh, and yes. There are zero legitimate reasons for piracy. Just because you can't afford it legitimately doesn't make it ok to steal. Food? Water? A case can be made for justification of stealing things you need to live. The latest album or tv show episode do not fall into that category, by any stretch.
 
Last edited:
so i have got this correct: to have got infected, you had to download the app directly from their site or a third party site for the DMG file?

if you had the app installed already and did an update via a prompt from the app, you're okay? (auto updating?)
 
TitoC said:
I also have ZERO sympathy. But for people who know very little or who are completely oblivious to the real world use of torrenting and comment like they are in the "know" and lift their noses in disgust. I have several clients and collaborators who I constantly share very large files with. Many of my clients are game developers and video editors and they deal with large chunks of files that are much easier and quicker to download as a torrent as opposed to a large single file when collaborating.

Here are just a few examples of LEGAL everyday uses of torrenting:

  • Blizzard Entertainment uses its own BitTorrent client to download World of Warcraft, Starcraft II, and Diablo III games. When you purchase one of these games and download it, you’re actually just downloading a BitTorrent client that will do the rest of the work.
  • Facebook and Twitter Use BitTorrent Internally
  • Many government agencies use torrent files.
While yes, most pirated items are shared and downloaded via torrent files, not all torrent files are used for pirating. That's like saying that most car thieves use coat hangers to break into cars so anyone who uses a coat hanger must be a thief. Please!
Click to expand...


Well stated!

So many "know-it-alls" turn out to be "know nothings" these days, and their BS needs to be called out. If you don't call it out, it get's passed on to other "know-it-alls" as fact. It's a real problem for such a variety of issues. It ends up that the news is full of fiction or propaganda, and just about anything you hear, the opposite is more likely to be closer to the truth!
 
Torrenting is to pirating like video game emulators are to illegal ROMs. People can defend them but they are still mostly used in illegal manners.
 
gsmornot said:
I almost downloaded this app based on a recent update news story. It said it had been a while since this was last updated and made me think I might like to try it. Good thing I had to travel and forgot about it until this story reminded me again. Whew, that was close. Ha.
Click to expand...
Indeed. Then again, the malware kicks in "only" after 3 days. I actually saw a tweet about the update to 2.90 over the weekend. Downloaded the new version and trashed it on Monday morning when reading the MR article.
No "kernel_service" file or process found on my Mac... phew!
 
I'm OK too, thankfully.

I downloaded the 2.90 version on 28th February at 00.04 GMT. The infected version appeared after this. I got rid of it anyway and wont be downloading Transmission again.

Users who have directly downloaded Transmission installer from official website after 11:00am PST, March 4, 2016 and before 7:00pm PST, March 5, 2016, may be been infected by KeRanger. If the Transmission installer was downloaded earlier or downloaded from any third party websites, we also suggest users perform the following security checks. Users of older versions of Transmission do not appear to be affected as of now.
 
zorinlynx said:
It'd be nice if the Transmission developers would explain how their site got compromised.

Still no word from them at all. We need a statement from them to show how this happened and the steps they are taking to prevent it from happening again, otherwise all trust in this developer is pretty much gone.
Click to expand...

And yet, I'm willing to bet that you and most others downloaded version 2.92 and are still leaving their software on their computer.
 
  • Like
Reactions: arnoz
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back