Main menu

Pages

First ransomware targeting Mac users discovered in Transmission BitTorrent client

Users of the popular open-source Transmission BitTorrent client for OS X were in for quite a surprise this weekend when it was discovered that certain installers for version 2.90 of the application were found to bundle unwanted ransomware with the installation, which is a type of malware that restricts file access across the system to cause trouble for the user.

Dubbed KeRanger by security research firm Palo Alto Networks, the malicious software will try to encrypt the user’s system files in such a way as to tamper with the user’s access to their Mac and then force the user to pay money to get their access back.

The team has also issued the v2.92 update for the app that will automatically remove the malware from your Mac once installed.
Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer.
Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.
Apparently, the ransomware is only installed on your Mac if you directly downloaded the DMG of the update from Transmission’s website, and not if you installed the update from within the app itself.

The ransomware called “KeRanger” will automatically start encrypting hard disks three days after infecting a Mac and will then ask users to shell out money to allow them to retrieve their data. The ransom money it is asking is 1 bitcoin or about $US400.

If you use Transmission, it is highly recommended that you update to the latest version of the app right away to remove the malware from your Mac. Apple is already aware of the issue and has revoked the digital Apple Developer certificate of the Transmission team for the time being. 
reactions

Comments