First Mac Ransomware Found in Transmission BitTorrent Client - MacRumors
Skip to Content

First Mac Ransomware Found in Transmission BitTorrent Client

by

transmission-29
This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:

Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”

Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.

According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."

The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.

Update: Technical details about the malware.

Update 2: Transmissionbt.com says version 2.92 of Transmission will actively remove the malware.

Popular Stories

Dynamic Island iPhone 18 Pro Feature

11 Reasons to Wait for the iPhone 18 Pro

Monday May 11, 2026 9:01 am PDT by
We're only four months out from the launch of Apple's premium next-generation smartphone lineup, and while we're not expecting a sea change in terms of functionality, there are still several enhancements rumored to be coming to the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth noting is that Apple is reportedly planning a major change to its iPhone release cycle this year, adopting a...
Read Full Article35 comments
iOS 26

iOS 26.5 Features: Everything New in iOS 26.5

Monday May 11, 2026 5:09 pm PDT by
Apple released iOS 26.5 after a few months of beta testing, and while it doesn't have the Siri features we were hoping for since those are being held until iOS 27, there are a handful of useful changes worth knowing about. Subscribe to the MacRumors YouTube channel for more videos. End-to-End Encryption for RCS Support for end-to-end encryption (E2EE) for RCS messages between iPhone and...
Read Full Article62 comments
General Apps Reddit Feature

Reddit Starts Blocking Mobile Website, Pushing Users to App Instead

Monday May 11, 2026 6:10 am PDT by
Social network Reddit recently began blocking mobile visitors to its website while pushing them to download the official Reddit app, and it's fair to say that the move is not going down well with users. If you visit reddit.com on your iPhone today, you may see a new popup that can't be dismissed, asking you to "get the app to keep using Reddit." A Reddit spokesperson told Ars Technica...
Read Full Article125 comments

Top Rated Comments

stridemat Avatar
stridemat
133 months ago
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
Whilst most the time both go hand in hand, BitTorrent is just a method of file transfer and not directly related to piracy.
Score: 52 Votes (Like | Disagree)
8692574 Avatar
8692574
133 months ago
Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
Torrent are used for more than piracy my friend, we are not in the early 2000 anymore!!

All Linux distribution are downoadable with torrent and they are 100% legit!
Score: 32 Votes (Like | Disagree)
E
elcdbot
133 months ago
Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????
Stability and no ads. Never had a problem with Transmission as my default client.
Score: 27 Votes (Like | Disagree)
M
mnsportsgeek
133 months ago
Apparently it only affects users who downloaded it off of the website and not those who used the in app update.
Score: 27 Votes (Like | Disagree)
T
TheHorrorNerd
133 months ago
... if you use time machine
Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
Score: 26 Votes (Like | Disagree)
Weaselboy Avatar
Weaselboy
133 months ago
Looks like Apple has updated XProtect for this KeRanger malware already. This is from my xprotect.plist file.



Attachment Image
Score: 24 Votes (Like | Disagree)
Read All Comments