TransmissionJust five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.

The researchers said they notified the Transmission team about the malware, and within minutes they removed the malicious file from their web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend anyone who downloaded version 2.92 of the app between those dates to verify if their system is compromised by checking for the presence of any of the following files or directories:

  • /Applications/Transmission.app/Contents/Resources/License.rtf

  • /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id

  • $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist

  • /Library/Application Support/com.apple.iCloud.sync.daemon/

  • $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

Transmission version 2.92 remains available through the software's update mechanism.

Top Rated Comments

Picka Avatar
119 months ago
uTorrent FTW...
Said no one. Ever.
Score: 29 Votes (Like | Disagree)
sualpine Avatar
119 months ago
This wouldn't happen if torrent apps were allowed in the App Store.
Score: 25 Votes (Like | Disagree)
Scellow Avatar
119 months ago
uTorrent FTW...
utorrent is worse
Score: 17 Votes (Like | Disagree)
keysofanxiety Avatar
119 months ago
Come on, guys. Secure your server already.
Sources say that the armoured gerbil protecting the server room was distracted by a morsel of cheese.
Score: 12 Votes (Like | Disagree)
Makosuke Avatar
119 months ago
Transmission is an extremely polished client, so it's rather disappointing that they've managed to get their official builds, distributed from their own website, built with malware twice now. That does not speak well, at all, to how they maintain either their servers or their dev team.

An aside to those ragging on BitTorrent:

First, there are surprisingly enough some legit things that are now distributed primarily or exclusively through BT. I needed to get Transmission running to download ATI's tech demo package recently.

And second, while its obviously heavily abused to pirate content, there is also a huge grey area of technically-not-okay things that don't really fall into the standard bin of piracy. Example: J-dramas. While this has been improving (mostly Crunchyroll and, for K-dramas, Hulu) there are still many, particularly older ones, that have never been licensed or officially released outside Japan, so while there's always the "market poisoning" question if somebody does consider licensing in the future, there's currently no legitimate way to view them if you live in the US, and since there is no official distributor in this country there's also nobody defending the copyrights. Conversely, it's quite likely that if there was no underground scene of fansubbing and distributing J-dramas illegally, there would be almost none of the interest that makes a legit service like Crunchyroll possible.
Score: 11 Votes (Like | Disagree)
ActionableMango Avatar
119 months ago
I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.
I don't see what the "type of app" has to do with anything.

According to the article, the app developer had their server compromised in such a way that the download for the legitimate app was replaced with one recompiled to include malware. Presumably this could happen to any company or any type of app. Similar things have happened to many other companies, small and large, for many types of applications, including Apple's App Store:

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/
Score: 8 Votes (Like | Disagree)

Popular Stories

10

Apple to Launch New Products Starting Next Week, Claims Dubious Leak [Updated]

Friday October 10, 2025 5:57 am PDT by
Update: the Naver account appears to be referencing a speculative post on X by Vadim Yuryev, dated October 6. The original article follows. Apple will announce new products through a series of press releases beginning as soon as next week, according to a dubious claim posted on the Korean blog Naver. The Naver blog account yeux1122, which aggregates rather than originates Apple...
apple oct 2024 mac tease

Apple Expected to Announce These Two to Three Products 'This Week'

Sunday October 12, 2025 7:05 am PDT by
Apple plans to announce new products "this week," according to Bloomberg's Mark Gurman. Apple's "Mac Your Calendars" teaser last October In his Power On newsletter today, Gurman said the products set to be updated this week include the iPad Pro, Vision Pro, and "likely" the base 14-inch MacBook Pro, with all three likely to receive a spec bump with Apple's next-generation M5 chip. Gurman...
iPhone 17 Pro Colors

iPhone 18 Pro Already Rumored to Have These 6 New Features

Saturday October 11, 2025 10:10 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are still nearly a year away, a handful of new features and changes have already been rumored for the devices. Below, we have recapped some of the early iPhone 18 Pro rumors so far. Smaller Dynamic Island The standard iPhone 18, iPhone 18 Pro, and iPhone 18 Pro Max will be equipped with a slightly smaller Dynamic Island, but the devices will...
iOS 26 Feature

Apple Preparing iOS 26.0.2 Update for iPhones

Saturday October 11, 2025 6:59 pm PDT by
Apple's software engineers are internally testing iOS 26.0.2, according to MacRumors logs, which have been a reliable indicator of upcoming iOS versions. iOS 26.0.2 will likely be a minor update that addresses bugs and/or security vulnerabilities, but we do not know any specific details yet. The update will likely be released within the next few weeks. Last month, Apple released iOS...
apple invite colorado%402x

Apple Hosts Unusual Colorado Event to Showcase Latest Hardware

Thursday October 9, 2025 1:17 pm PDT by
Apple has invited a group of social media influencers to Colorado this week for an unusual event involving group hiking, trail running, and other outdoor activities designed to showcase the company's recently launched iPhone 17 Pro Max, AirPods Pro 3, and Apple Watch Ultra 3. An invitation was shared on X (Twitter) by photographer Johnny Hawk, featuring a simple message: "Hi Johnny. We're so ...
10

Apple Event This October? Here's the Latest on What to Expect

Thursday October 9, 2025 7:00 am PDT by
While it is unclear if Apple will host an October event this year, or stick to press releases, rumors suggest it will announce several new products this month. The graphic for Apple's "Unleashed" event in October 2021 Below, we have recapped everything to know about a potential Apple event this October. When The table below outlines when Apple teased its October launches over the past...
spring 2022 possible macs

When Will Apple's Macs Get M5 Chips? 2025-2026 Launch Timeline

Wednesday October 8, 2025 3:59 pm PDT by
We're just about due for the next-generation Apple silicon chip, which will kick off a new wave of Mac refreshes. The M5 chip is expected to make an appearance in some new products before the end of the year, but most Mac refreshes will happen in 2026. We've rounded up current rumors on when we might see updates for Apple's notebook and desktop machines. MacBook Pro The MacBook Pro could ...
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 3, AirPods Pro 2 and AirPods 4

Tuesday October 7, 2025 11:27 am PDT by
Apple today released new firmware designed for the AirPods Pro 3, prior-generation AirPods Pro 2, and the AirPods 4 models. The firmware has a build number of 8A358, up from 8A356. There's no word on what's include in the updated firmware, but the prior 8A356 update added iOS 26 features to the AirPods Pro 2, AirPods Pro 3, and AirPods 4 with ANC. The software introduced better audio quality ...
vivo liquid glass

iOS 26 Liquid Glass Design Copied by Android Smartphone Maker

Thursday October 9, 2025 4:07 pm PDT by
Chinese smartphone maker Vivo has taken some inspiration from Apple's Liquid Glass design language for its latest operating system update, OriginOS 6. Unveiled this week, OriginOS 6 has the same rounded buttons and translucent glass look as iOS 26. In a demo video, a Vivo smartphone features an interface that could be easily mistaken for iOS 26. There's a Liquid Glass clock, Control Center,...