• First Mac Ransomware Found in Transmission BitTorrent Client

    Users who downloaded the Transmission BitTorrent client on Friday or Saturday are being warned to update to the latest 2.92 version to avoid being targeted by a ransomware that infiltrated an earlier version of the open source software.


    Claud Xiao and Jin Chen of Palo Alto Networks reported on the threat earlier today, noting that "attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4."

    KeRanger is the name given to what is believed to be the "first fully functional" ransomware on the OS X platform. When incorporated into an app, the malware connects to a remote server via the Tor anonymizing service, then "begins encrypting certain types of document and data files on the system."

    The malware then "demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files." Researchers say the malicious code is "under active development" and appears to be attempting to encrypt users' Time Machine backups as well, to prevent them from recovering their backed-up data.

    Mac OS X's GateKeeper, XProtect spring into action

    The same day that Palo Alto Networks discovered the threat—which was distributed with the Transmission app in a DMG package signed by a valid developer ID—Apple revoked the signing certificate involved to prevent new installations of the infected version via the Mac's iOS-like GateKeeper signed-app security system.

    Apple also began automatic distribution of an OS X XProtect antivirus signature to flag and quarantine existing compromised downloads.

    The security firm noted that anyone who directly installed Transmission between March 4th and March 5th may be infected with the KeRanger malware, and outlined steps to identify and remove the malware if it has already been installed.


    Because Apple has already revoked the certificate and distributed an XProtect update, anyone attempting to open a known-infected version of the Transmission app will now be given a warning dialog box that notes "Transmission.app will damage your computer. You should move it to the Trash," or "Transmission can't be opened. You should eject the disk image."

    A clean, updated 2.91 version of the Transmission app can be downloaded from the app developer's website.

    [via ResearchCenter]
    This article was originally published in forum thread: Malware-infected Transmission 2.9 app threatened OS X users, started by Caiden Spencer
    14 Comments
      bigbaba -
      Had to happen sooner or later
      fleurya -
      Quote Originally Posted by bigbaba View Post
      Had to happen sooner or later
      It's happened before. It will happen again.

      I don't believe that there are people out there who actually believe Macs are immune to viruses and malware. They're just the same people as the people on Windows who get infected: they don't take proper precautions and assume they'll be safe with what they're doing. It's an OS-agnostic situation.

      People just need to follow the same basic precautions that have been around for decades and they'll be fine:
      - Don't download sketchy software from sketchy resources.
      - Don't open email attachments or email from unknown sources.
      - Always have your backup updated, so if you do get something out of human error or a more sophisticated form of malware like this, you can simply wipe your drive and restart from the backup.

      I've never had malware or a virus on OS X or Windows by following these basic rules.
      Bo -
      If the hackers want in, they will find a way. Just have to protect yourself.
      bigbaba -
      Quote Originally Posted by fleurya View Post
      It's happened before. It will happen again.

      I don't believe that there are people out there who actually believe Macs are immune to viruses and malware. They're just the same people as the people on Windows who get infected: they don't take proper precautions and assume they'll be safe with what they're doing. It's an OS-agnostic situation.

      People just need to follow the same basic precautions that have been around for decades and they'll be fine:
      - Don't download sketchy software from sketchy resources.
      - Don't open email attachments or email from unknown sources.
      - Always have your backup updated, so if you do get something out of human error or a more sophisticated form of malware like this, you can simply wipe your drive and restart from the backup.

      I've never had malware or a virus on OS X or Windows by following these basic rules.
      Well, statistically speaking, you were less likely to catch some sort of malware on a Mac due to there simply being less out there. Even now, compare how much ransomware is out there for the Mac compared to Windows. What makes this troubling is that the app would have passed Gatekeeper on install.

      But you are right, users need to be diligent regardless of their platform.
      bigbaba -
      Quote Originally Posted by blkcadi View Post
      If the hackers want in, they will find a way. Just have to protect yourself.
      And it just had to be a torrenting app!
      Ambi_Valence -
      Quote Originally Posted by fleurya View Post
      It's happened before. It will happen again.

      I don't believe that there are people out there who actually believe Macs are immune to viruses and malware. They're just the same people as the people on Windows who get infected: they don't take proper precautions and assume they'll be safe with what they're doing. It's an OS-agnostic situation.
      I disagree, I think there are plenty of people that think Macs are invincible.
      bbrks -
      Quote Originally Posted by bigbaba View Post
      And it just had to be a torrenting app!
      Well, yeah, I don't think something like that would come up from an app from App Store....
      Caiden Spencer -
      Quote Originally Posted by blkcadi View Post
      If the hackers want in, they will find a way. Just have to protect yourself.
      Yeah, or don't download a torrenting program
      Ambi_Valence -
      Why not?
      bbrks -
      Torrent = 3rd party "app" = danger !!!! or am I wrong?
      Ambi_Valence -
      Quote Originally Posted by bbrks View Post
      Torrent = 3rd party "app" = danger !!!! or am I wrong?
      LOL, a little short-sighted perhaps. I'll quote you a Mac Rumors member:
      Torrents are used for more than piracy my friend, we are not in the early 2000s anymore!!

      All Linux distributions are downloadable with torrent and they are 100% legit!
      bbrks -
      OK, then I'll stick to the part "3rd party app", not signed by Apple
      Ambi_Valence -
      Quote Originally Posted by bbrks View Post
      OK, then I'll stick to the part "3rd party app", not signed by Apple
      I think this one was though as it got by Gatekeeper?
      fleurya -
      Quote Originally Posted by bbrks View Post
      OK, then I'll stick to the part "3rd party app", not signed by Apple
      It was signed by Apple, but they removed it as soon as they found out what happened.