First Mac Ransomware Found in Transmission BitTorrent Client

transmission-29
This weekend, a notice appeared on Transmissionbt.com warning users that version 2.90 of the popular Mac BitTorrent client downloaded from their site may have been infected with malware. The warning reads:

Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”

Reuters reports that the infected download contained the first "Ransomware" found on the Mac platform. Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to unencrypt it. This type of attack has been increasingly popular on the PC, but this is the first time it has been seen on the Mac.

According to Reuters, Apple is aware of the issue and has already revoked "a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs."

The malware in question is said to delay encrypting the user's hard drive for 3 days, so we may see the first reports of those affected as early as Monday. Transmissionbt.com offers instructions on how to see you are affected (above). If you don't use the Transmission software, there is nothing you need to do at this time.

Update: Technical details about the malware.

Update 2: Transmissionbt.com says version 2.92 of Transmission will actively remove the malware.

Top Rated Comments

stridemat Avatar
99 months ago
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
Whilst most the time both go hand in hand, BitTorrent is just a method of file transfer and not directly related to piracy.
Score: 52 Votes (Like | Disagree)
8692574 Avatar
99 months ago
Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
to be expected when people use BitTorrent, I have zero sympathy for people who pirate stuff!
Torrent are used for more than piracy my friend, we are not in the early 2000 anymore!!

All Linux distribution are downoadable with torrent and they are 100% legit!
Score: 32 Votes (Like | Disagree)
elcdbot Avatar
99 months ago
Lol, I don't think I've met an even SLIGHTLY savvy computer user (Mac or PC) in the last eight years or so that uses a client other than uTorrent.
Given that ALL torrent apps are free, why would anyone download this????????
Stability and no ads. Never had a problem with Transmission as my default client.
Score: 27 Votes (Like | Disagree)
mnsportsgeek Avatar
99 months ago
Apparently it only affects users who downloaded it off of the website and not those who used the in app update.
Score: 27 Votes (Like | Disagree)
TheHorrorNerd Avatar
99 months ago
... if you use time machine
Cant really blame Apple for data loss if you
(a) Don't make regular backups
(b) Install bit torrent clients (from a website no less) Which have little or no legitimate use other than piracy
Score: 26 Votes (Like | Disagree)
Weaselboy Avatar
99 months ago
Looks like Apple has updated XProtect for this KeRanger malware already. This is from my xprotect.plist file.



Attachment Image
Score: 24 Votes (Like | Disagree)

Popular Stories

BMW Logo iPhone 15 Pro

Warning: BMW Wireless Charging May Break iPhone 15's Apple Pay Chip

Sunday October 1, 2023 6:14 am PDT by
If you have an iPhone 15 and drive a BMW, it might be best to avoid charging the device with the vehicle's wireless charging pad for now. Over the past week, some BMW owners have complained that their iPhone 15's NFC chip no longer works after charging the device with their vehicle's wireless charging pad, according to comments shared on the MacRumors Forums and X, formerly known as Twitter. ...
Multi Display CarPlay 1

All-New Apple CarPlay Launching Later This Year With These 5 New Features

Friday September 29, 2023 11:29 am PDT by
At WWDC 2022 last year, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple said the first vehicles with support for the next-generation CarPlay experience would be announced in late 2023, but it has still not shared any additional...
Apple Watch Edition Gold 2015

Original Apple Watch is Now Obsolete, Including $17,000 Gold Model

Monday October 2, 2023 9:15 am PDT by
All first-generation Apple Watch models released in 2015 were added to Apple's obsolete products list on September 30, according to an internal memo obtained by MacRumors. As a result, these outdated "Series 0" watches are no longer eligible for repairs or other service at Apple Stores and Apple Authorized Service Provider locations. The list of obsolete models includes the first-generation...
iPhone 15 Pro lineup

Apple to Address iPhone 15 Pro Overheating Issue With iOS 17 Update

Saturday September 30, 2023 9:28 am PDT by
Apple plans to release an iOS 17 update to address a bug that may contribute to the reported iPhone 15 Pro and iPhone 15 Pro Max overheating issue, according to a statement the company shared today with MacRumors and Forbes reporter David Phelan. Apple also says some recent updates to third-party apps have overloaded the system and contributed to the overheating issue. The report notes that...
Apple Logo Spotlight

Mac Trade-In Changes May Indicate New Model to Launch This Month

Tuesday October 3, 2023 6:30 am PDT by
Apple may be proceeding with plans to release a new Mac model this month, according to potentially related information obtained by MacRumors. Details pertaining to imminent changes to Mac trade-ins provided to MacRumors by a verified source suggest that Apple will likely begin accepting new models for trade-in this month. Similar changes in June coincided with WWDC, when Apple began accepting...
iphone se 4 modified flag edges

iPhone SE 4 Details: Action Button, USB-C Port, Face ID, and More

Wednesday September 27, 2023 1:34 pm PDT by
Significant changes are expected to arrive with Apple's fourth-generation iPhone SE, in terms of both design and hardware, MacRumors has learned. The iPhone SE 4, known internally under the codename Ghost, is expected to receive a new design derived almost entirely from the base model iPhone 14. According to our sources, the iPhone SE 4 will use a modified version of the iPhone 14 chassis...