First Mac Ransomware Found in Transmission BitTorrent Client

Sunday March 6, 2016 11:34 am PST by Arnold Kim
transmission-29
This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:
Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”
Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.

According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."

The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.

Update: Technical details about the malware.

Update 2: Transmissionbt.com says version 2.92 of Transmission will actively remove the malware.

[ 373 comments ]

Top Rated Comments

(View all)

Avatar
stridemat
51 months ago

to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!

Whilst most the time both go hand in hand, BitTorrent is just a method of file transfer and not directly related to piracy.
Rating: 52 Votes
Avatar
8692574
51 months ago

Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy


to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!


Torrent are used for more than piracy my friend, we are not in the early 2000 anymore!!

All Linux distribution are downoadable with torrent and they are 100% legit!
Rating: 32 Votes
Avatar
elcdbot
51 months ago

Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????


Stability and no ads. Never had a problem with Transmission as my default client.
Rating: 27 Votes
Avatar
mnsportsgeek
51 months ago
Apparently it only affects users who downloaded it off of the website and not those who used the in app update.
Rating: 27 Votes
Avatar
TheHorrorNerd
51 months ago

... if you use time machine

Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
Rating: 26 Votes
Avatar
Weaselboy
51 months ago
Looks like Apple has updated XProtect for this KeRanger malware already. This is from my xprotect.plist file.



Rating: 24 Votes
Avatar
Weaselboy
51 months ago

Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????


I doubt you know many Mac torrent users then, because Transmission is very popular among Mac users. uTorrent now bundles adware along with their installer, so there is also that.
Rating: 23 Votes
Avatar
paradox00
51 months ago

Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????


You must have only met slightly savvy computer users then.
Rating: 19 Votes
Avatar
0098386
51 months ago
That's worrying. You're encouraged to constantly keep your applications and OS updated, but recently that's becoming troublesome. First with Apple's silent security update disabling wired networks and now this! Worrying year for security this.
Rating: 17 Votes
Avatar
Hastings101
51 months ago

Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????


Transmission was a pretty good application that didn't have all the junk and spyware uTorrent tries to install. I don't know why a tech savvy user would be using uTorrent, though I guess the same holds true for Transmission now.
Rating: 16 Votes

[ Read All Comments ]