Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

Researchers at security website We Live Security have discovered that the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

OSX/Keydnap executes in a manner similar to the previous Transmission ransomware, KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said the malicious Transmission app was signed with a legitimate code signing key. That key is different from the legitimate Transmission certificate, but it was still signed by Apple and was thereby able to bypass Gatekeeper on OS X.

The researchers said they notified the Transmission team about the malware, and within minutes the team removed the malicious file from its web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend that anyone who downloaded version 2.92 of the app between those dates verify whether their system is compromised by checking for the presence of any of the following files or directories:

  • /Applications/Transmission.app/Contents/Resources/License.rtf

  • /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id

  • $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist

  • /Library/Application Support/com.apple.iCloud.sync.daemon/

  • $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
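The check described above can be scripted. The following is an added example, not code from the researchers or from the Transmission project; the function name `keydnap_scan`, the `KEYDNAP_HITS` variable and the optional root prefix (for inspecting a mounted backup or disk image instead of the live system) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: look for the OSX/Keydnap indicator paths listed in the article.
# Usage: keydnap_scan [ROOT] [HOME_DIR]
#   ROOT     (assumption of this example) prefix prepended to every path,
#            e.g. a mounted backup volume; empty means the live system.
#   HOME_DIR home directory to inspect; defaults to $HOME.
# Sets KEYDNAP_HITS to the number of indicators found and returns
# 0 when none are present, 1 otherwise.

keydnap_scan() {
    root="${1:-}"
    home="${2:-${HOME:-}}"
    found=0
    # One path per line; IFS= and -r keep the spaces in "Application Support".
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        # -e matches both files and directories (the sixth entry is a directory).
        if [ -e "$root$p" ]; then
            printf 'FOUND   %s\n' "$root$p"
            found=$((found + 1))
        else
            printf 'absent  %s\n' "$root$p"
        fi
    done <<EOF
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$home/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
    KEYDNAP_HITS=$found
    [ "$found" -eq 0 ]
}

# Scan the current user's account on the live system.
if keydnap_scan "" "${HOME:-}"; then
    echo "No OSX/Keydnap indicators from the article were found."
else
    echo "$KEYDNAP_HITS indicator(s) found: treat this system as compromised."
fi
```

On a multi-user Mac, run it once per account by passing each home directory as the second argument.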

Transmission version 2.92 remains available through the software's update mechanism.

Top Rated Comments

Picka
119 months ago
uTorrent FTW...
Said no one. Ever.
Score: 29 Votes
sualpine
119 months ago
This wouldn't happen if torrent apps were allowed in the App Store.
Score: 25 Votes
Scellow
119 months ago
uTorrent FTW...
utorrent is worse
Score: 17 Votes
keysofanxiety
119 months ago
Come on, guys. Secure your server already.
Sources say that the armoured gerbil protecting the server room was distracted by a morsel of cheese.
Score: 12 Votes
Makosuke
119 months ago
Transmission is an extremely polished client, so it's rather disappointing that they've managed to get their official builds, distributed from their own website, built with malware twice now. That does not speak well, at all, to how they maintain either their servers or their dev team.

An aside to those ragging on BitTorrent:

First, there are surprisingly enough some legit things that are now distributed primarily or exclusively through BT. I needed to get Transmission running to download ATI's tech demo package recently.

And second, while it's obviously heavily abused to pirate content, there is also a huge grey area of technically-not-okay things that don't really fall into the standard bin of piracy. Example: J-dramas. While this has been improving (mostly Crunchyroll and, for K-dramas, Hulu) there are still many, particularly older ones, that have never been licensed or officially released outside Japan, so while there's always the "market poisoning" question if somebody does consider licensing in the future, there's currently no legitimate way to view them if you live in the US, and since there is no official distributor in this country there's also nobody defending the copyrights. Conversely, it's quite likely that if there was no underground scene of fansubbing and distributing J-dramas illegally, there would be almost none of the interest that makes a legit service like Crunchyroll possible.
Score: 11 Votes
ActionableMango
119 months ago
I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.
I don't see what the "type of app" has to do with anything.

According to the article, the app developer had their server compromised in such a way that the download for the legitimate app was replaced with one recompiled to include malware. Presumably this could happen to any company or any type of app. Similar things have happened to many other companies, small and large, for many types of applications, including Apple's App Store:

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/
Score: 8 Votes
