Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.
Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.
OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.
The researchers said they notified the Transmission team about the malware, and within minutes they removed the malicious file from their web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend anyone who downloaded version 2.92 of the app between those dates to verify if their system is compromised by checking for the presence of any of the following files or directories:
- /Applications/Transmission.app/Contents/Resources/License.rtf
- /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
- $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
- /Library/Application Support/com.apple.iCloud.sync.daemon/
- $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
Transmission version 2.92 remains available through the software's update mechanism.
Tags: malware, Transmission
89 comments
With Apple's new 16-inch MacBook Pro now in stores, we were able to pick one up this morning to take a look at it and provide MacRumors readers with our first impressions on the new machine.
...
Apple's new 16-inch MacBook Pro models are in stores as of today, and iFixit, a site known for its product teardowns, has purchased one and is going to take it apart.
The teardown is...
A parliamentary committee in Germany on Wednesday passed an amendment to an anti-money laundering law that would force Apple to open up the NFC chip in iPhones to competing mobile payment providers,...
Apple today activated its in-store reserve and pickup system for the new 16-inch MacBook Pro in the United States.
This system enables customers to purchase the 16-inch MacBook Pro on...
Apple is removing all vaping-related apps from the App Store today, according to Axios, shortly after the Centers for Disease Control and Prevention reported 2,172 lung injury cases linked to...
Though Apple has not yet come out with a 5G iPhone, the company is expected to lead the 5G smartphone market in 2020, according to a new report today from analytics firm Strategy Analytics.
...
Apple has been struggling to add new subscribers to its Apple News+ service that launched in March, according to a new report from CNBC that cites people familiar with Apple News+.
When Apple...
Apple today released a new firmware update for the AirPods Pro, which were originally released on October 30.
Today's firmware update is labeled as 2B588, up from 2B584, which was the...
