
Transmission, a widely popular and well-respected decade-old BitTorrent client has become the first OSX application to be infected with malware. The malware at hand is ransomware.
True to its name, the malware forcibly encrypts the user’s data and requires one bitcoin (around 400$) as a ransom for the user to regain control of the computer. If the user doesn’t comply, their data is threatened.
Ransomware is a popular malware on Windows, but until now, it hasn’t entered the mac scene.
Ryan Olson, from Palo Alto Networks, explained to Reuters that ransomware is one “of the most popular criminal business models. The fact that it hasn’t made it to Mac shows that it’s had a great amount of success on the Windows side. But the fact that [the malware] was distributed through a legit application demonstrates that we will see this again.“
Users first started noticing issues with the latest Transmission client on the website’s message board. Reports explained that ransomware malware was detected in version 2.90.The malware was identified as “OSX.KeRanger.A”.
Researchers in the Palo Alto Networks confirmed this suspicion and provided details on their website. “The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network.”
Apple has since removed the abused certificate and updated the XProtect antivirus signature.
Transmission has also removed the malicious installers from their website—providing a warning message detailing necessary actions to prevent any ransomware ransoms:
“Everyone running 2.90 on OS X should immediately upgrade to 2.92 as they may have downloaded a malware-infected file. This new version will make sure that the ‘OSX.KeRanger.A’ ransomware is correctly removed from your computer.”