TransmissionJust five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.

The researchers said they notified the Transmission team about the malware, and within minutes they removed the malicious file from their web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend anyone who downloaded version 2.92 of the app between those dates to verify if their system is compromised by checking for the presence of any of the following files or directories:

  • /Applications/Transmission.app/Contents/Resources/License.rtf

  • /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id

  • $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist

  • /Library/Application Support/com.apple.iCloud.sync.daemon/

  • $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

Transmission version 2.92 remains available through the software's update mechanism.

Top Rated Comments

Picka Avatar
120 months ago
uTorrent FTW...
Said no one. Ever.
Score: 29 Votes (Like | Disagree)
sualpine Avatar
120 months ago
This wouldn't happen if torrent apps were allowed in the App Store.
Score: 25 Votes (Like | Disagree)
Scellow Avatar
120 months ago
uTorrent FTW...
utorrent is worse
Score: 17 Votes (Like | Disagree)
keysofanxiety Avatar
120 months ago
Come on, guys. Secure your server already.
Sources say that the armoured gerbil protecting the server room was distracted by a morsel of cheese.
Score: 12 Votes (Like | Disagree)
Makosuke Avatar
120 months ago
Transmission is an extremely polished client, so it's rather disappointing that they've managed to get their official builds, distributed from their own website, built with malware twice now. That does not speak well, at all, to how they maintain either their servers or their dev team.

An aside to those ragging on BitTorrent:

First, there are surprisingly enough some legit things that are now distributed primarily or exclusively through BT. I needed to get Transmission running to download ATI's tech demo package recently.

And second, while its obviously heavily abused to pirate content, there is also a huge grey area of technically-not-okay things that don't really fall into the standard bin of piracy. Example: J-dramas. While this has been improving (mostly Crunchyroll and, for K-dramas, Hulu) there are still many, particularly older ones, that have never been licensed or officially released outside Japan, so while there's always the "market poisoning" question if somebody does consider licensing in the future, there's currently no legitimate way to view them if you live in the US, and since there is no official distributor in this country there's also nobody defending the copyrights. Conversely, it's quite likely that if there was no underground scene of fansubbing and distributing J-dramas illegally, there would be almost none of the interest that makes a legit service like Crunchyroll possible.
Score: 11 Votes (Like | Disagree)
ActionableMango Avatar
120 months ago
I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.
I don't see what the "type of app" has to do with anything.

According to the article, the app developer had their server compromised in such a way that the download for the legitimate app was replaced with one recompiled to include malware. Presumably this could happen to any company or any type of app. Similar things have happened to many other companies, small and large, for many types of applications, including Apple's App Store:

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/
Score: 8 Votes (Like | Disagree)

Popular Stories

iPhone Air

Report: 'Virtually No Demand' for iPhone Air

Wednesday October 22, 2025 3:22 am PDT by
Apple is "drastically" cutting production of the iPhone Air and shifting focus toward the iPhone 17 and iPhone 17 Pro models, Nikkei Asia reports. The business publication claims to have learned of a major cut to iPhone Air production motivated by weaker-than-expected consumer interest, nearly to "end of production levels." Despite early reports of the iPhone Air selling out within hours of...
sam sung auction

Former Apple Employee Sam Sung Changed His Name to Avoid Attention

Wednesday October 22, 2025 4:44 pm PDT by
Back in 2012, an Apple retail employee named Sam Sung went viral because his name is similar to Samsung, one of Apple's main competitors. In a recent interview with Business Insider, he detailed that period in his life, how Apple responded, and he explained why he ultimately changed his name. Someone posted an image of Sung's Apple business card on Reddit in 2012, and it spread rapidly....
iOS 26

iOS 26.1 Coming Soon With These 8 New Features for Your iPhone

Wednesday October 22, 2025 6:15 am PDT by
The upcoming iOS 26.1 update includes a handful of new features and changes for iPhones, including a toggle for changing the appearance of the Liquid Glass design, "slide to stop" for alarms in the Clock app, and more. iOS 26.1 is currently in beta testing. The update will likely be released in the first half of November, and it is compatible with the iPhone 11 series and newer, but some...
cadillac lyric infotainment

GM to Remove CarPlay from All Future Vehicles, Including Gas Cars [Updated]

Wednesday October 22, 2025 11:34 am PDT by
General Motors began phasing out support for CarPlay in its electric vehicles back in 2023, leading to complaints from iPhone users, but the company has no plans to back down. In fact, GM is going further and plans to remove CarPlay from all future gas vehicles, too. In an interview with The Verge, GM CEO Mary Barra said that the company opted to prioritize its platform for EVs, but the...
iOS 26 Battery Glass Feature

iOS 26.1 Beta Liquid Glass Battery Drain Test: Tinted vs Clear Mode

Friday October 24, 2025 2:30 pm PDT by
In the fourth iOS 26.1 beta, Apple added a "Tinted" option that reduces the translucency of Liquid Glass for those who prefer a more opaque look. I saw some comments wondering whether the setting might preserve battery life, so I thought I'd do some testing. Test Settings I did four separate tests using the iPhone 17 Pro Max, and I kept the parameters as similar as possible. Here are the...
All Screen iPhone 2027 Feature 1

Apple's Plan to Launch Three New iPhone Designs Allegedly Revealed

Wednesday October 22, 2025 6:24 am PDT by
Apple plans to launch a new type of iPhone every year for the foreseeable future, according to an Asia-based source. The detailed information was shared by the account "yeux1122" in a blog post on the Korean platform Naver, citing domestic trend and component research companies. Corroborating other reports, Apple will apparently launch its first foldable iPhone in 2026, featuring a...
All Screen iPhone 2027 Feature 1

Report: Apple to Skip 'iPhone 19' Name for 'iPhone 20'

Thursday October 23, 2025 4:28 am PDT by
Apple's new iPhone lineup launched in the fall of 2027 will be called the "iPhone 20" models, rather than the "iPhone 19," according to research firm Omdia. Speaking at a conference in Seoul (via ETNews), Omdia Chief Researcher Heo Moo-yeol corroborated rumors that Apple plans to move the launch of its standard iPhone to the first half of the year and provided some additional clarity about...
maxresdefault

Apple's iPhone Air Experiment Fails as Supply Chain Cuts Production by 80%

Wednesday October 22, 2025 10:48 am PDT by
iPhone Air demand failed to meet Apple's expectations and the company's supply chain is scaling back shipments and production, reports Apple analyst Ming-Chi Kuo. Subscribe to the MacRumors YouTube channel for more videos. Suppliers are expected to reduce capacity by more than 80 percent between now and the first quarter of 2026, and some components with longer lead times will be discontinued ...
trump white house ballroom

Apple Donating to Trump's $350M White House Ballroom Project

Thursday October 23, 2025 3:55 pm PDT by
Apple is one of several tech companies that will contribute to the construction of U.S. President Donald Trump's 90,000-square-foot ballroom, reports CNN. Construction began on the ballroom this week, and the White House's east wing was torn down. Trump claims that the ballroom will cost $350 million, and that it will be privately funded through donations. The cost has already increased $150 ...
apple wallet drivers license feature iPhone 15 pro

iPhone Driver's License Feature in Apple Wallet App Launches in Another U.S. State

Thursday October 23, 2025 7:44 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Starting today, the feature is available to residents of West Virginia. To set it up, open the Wallet app and tap on the plus sign in...