First Mac Ransomware Found in Transmission BitTorrent Client

transmission-29
This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:

Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”

Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.

According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."

The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.

Update: Technical details about the malware.

Update 2: Transmissionbt.com says version 2.92 of Transmission will actively remove the malware.

Top Rated Comments

stridemat Avatar
92 months ago
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
Whilst most the time both go hand in hand, BitTorrent is just a method of file transfer and not directly related to piracy.
Score: 52 Votes (Like | Disagree)
8692574 Avatar
92 months ago
Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
Torrent are used for more than piracy my friend, we are not in the early 2000 anymore!!

All Linux distribution are downoadable with torrent and they are 100% legit!
Score: 32 Votes (Like | Disagree)
elcdbot Avatar
92 months ago
Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????
Stability and no ads. Never had a problem with Transmission as my default client.
Score: 27 Votes (Like | Disagree)
mnsportsgeek Avatar
92 months ago
Apparently it only affects users who downloaded it off of the website and not those who used the in app update.
Score: 27 Votes (Like | Disagree)
TheHorrorNerd Avatar
92 months ago
... if you use time machine
Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
Score: 26 Votes (Like | Disagree)
Weaselboy Avatar
92 months ago
Looks like Apple has updated XProtect for this KeRanger malware already. This is from my xprotect.plist file.



Attachment Image
Score: 24 Votes (Like | Disagree)

Popular Stories

iPhone 15 Pro Buttons CAD Leak

iPhone 15 Pro Leak Reveals Unified Volume Button and Mute Button

Monday March 20, 2023 8:33 am PDT by
As previously rumored, the next-generation iPhone 15 Pro and iPhone 15 Pro Max will feature a unified volume button and a mute button, according to leaked CAD images shared in a video on the Chinese version of TikTok and posted to Twitter by ShrimpApplePro. Instead of separate buttons for volume up and volume down, the iPhone 15 Pro models are expected to have a single elongated button for...
iOS 16

iOS 16.4 for iPhone Nearing Launch With These 5 New Features

Monday March 20, 2023 11:50 am PDT by
Apple says iOS 16.4 is coming in the spring, which began this week. In his Sunday newsletter, Bloomberg's Mark Gurman said the update should be released "in the next three weeks or so," meaning a public release is likely in late March or early April. iOS 16.4 remains in beta testing and introduces a handful of new features and changes for the iPhone. Below, we have recapped five new features ...
voice isolation

iOS 16.4 Adds Voice Isolation for Cellular Phone Calls

Tuesday March 21, 2023 11:01 am PDT by
The iOS 16.4 update that is set to be released to the public in the near future includes voice isolation for cellular calls, according to notes that Apple shared today. Apple says that Voice Isolation will prioritize your voice and block out the ambient noise around you, making for clearer phone calls where you can better hear the person you're chatting with and vice versa. Voice...
original iphone auction

Factory-Sealed Original iPhone Sells for $55,000 at Auction

Friday March 17, 2023 1:08 pm PDT by
A first-generation iPhone still sealed inside its box sold for $54,904 at auction, which is more than $54,000 over the original $599 price tag of the device when it was released in 2007. The original iPhone was put up for sale by RR Auction on behalf of a former Apple employee who purchased it back when it first came out. Back in February, an original, sealed iPhone sold for over $63,000,...
airpodsd 3 purple 4

iOS 16.4 Seemingly References New AirPods and AirPods Case

Tuesday March 21, 2023 11:43 am PDT by
The iOS 16.4 release candidate version that was provided to developers today appears to hint at a new set of AirPods that could be coming in the near future. According to @aaronp613, the beta features references to AirPods that have a model number of A3048 and an AirPods case with a model number of A2968. There have been no rumors that new AirPods are on the horizon, and it is early for...
iOS 16

Apple Seeds Release Candidate Versions of iOS 16.4 and iPadOS 16.4 to Developers [Update: Public RC Available]

Tuesday March 21, 2023 10:25 am PDT by
Apple today seeded the release candidate versions of upcoming iOS 16.4 and iPadOS 16.4 updates to developers for testing purposes, with the software coming a week after the launch of the fourth betas. The RCs mark the final version of the software that will be provided to the public in the near future. Registered developers are able to download the iOS 16.4 and iPadOS 16.4 updates...
google bard

Google Opens Up Access to Bard AI Chatbot

Tuesday March 21, 2023 4:23 pm PDT by
Google today began allowing users to sign up to use Bard, its AI-powered chatbot that rivals Microsoft's Bing chatbot. First announced back in February, Bard is an experimental conversational AI service for Google Search. Those interested in Bard can join Google's waitlist to get access, and some users have reported getting invitation emails just hours after signing up. There are a long list ...
smart monitor m8 samsung

Deals: Samsung's iMac-Like Smart Monitor M8 Drops to Lowest Price of Year So Far With $250 Discount

Monday March 20, 2023 8:27 am PDT by
Samsung today kicked off a special "Discover Samsung" event, which will be a week-long savings event focusing on Samsung monitors, smartphones, TVs, appliances, and more. While some deals will stick around the entire week (through March 26), others will refresh every day. Note: MacRumors is an affiliate partner with Samsung. When you click a link and make a purchase, we may receive a small...