BitTorrent Client Transmission Again Victimized by OS X Malware

by

TransmissionJust five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.

Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.

OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.

The researchers said they notified the Transmission team about the malware, and within minutes they removed the malicious file from their web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend anyone who downloaded version 2.92 of the app between those dates to verify if their system is compromised by checking for the presence of any of the following files or directories:

  • /Applications/Transmission.app/Contents/Resources/License.rtf

  • /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd

  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id

  • $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist

  • /Library/Application Support/com.apple.iCloud.sync.daemon/

  • $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

Transmission version 2.92 remains available through the software's update mechanism.

Top Rated Comments

(View all)
Avatar
49 months ago

uTorrent FTW...

Said no one. Ever.
Score: 29 Votes (Like | Disagree)
Avatar
49 months ago
This wouldn't happen if torrent apps were allowed in the App Store.
Score: 25 Votes (Like | Disagree)
Avatar
49 months ago

uTorrent FTW...

utorrent is worse
Score: 17 Votes (Like | Disagree)
Avatar
49 months ago

Come on, guys. Secure your server already.

Sources say that the armoured gerbil protecting the server room was distracted by a morsel of cheese.
Score: 12 Votes (Like | Disagree)
Avatar
49 months ago
Transmission is an extremely polished client, so it's rather disappointing that they've managed to get their official builds, distributed from their own website, built with malware twice now. That does not speak well, at all, to how they maintain either their servers or their dev team.

An aside to those ragging on BitTorrent:

First, there are surprisingly enough some legit things that are now distributed primarily or exclusively through BT. I needed to get Transmission running to download ATI's tech demo package recently.

And second, while its obviously heavily abused to pirate content, there is also a huge grey area of technically-not-okay things that don't really fall into the standard bin of piracy. Example: J-dramas. While this has been improving (mostly Crunchyroll and, for K-dramas, Hulu) there are still many, particularly older ones, that have never been licensed or officially released outside Japan, so while there's always the "market poisoning" question if somebody does consider licensing in the future, there's currently no legitimate way to view them if you live in the US, and since there is no official distributor in this country there's also nobody defending the copyrights. Conversely, it's quite likely that if there was no underground scene of fansubbing and distributing J-dramas illegally, there would be almost none of the interest that makes a legit service like Crunchyroll possible.
Score: 11 Votes (Like | Disagree)
Avatar
49 months ago

I'm glad I don't use these types of apps. I don't need the headaches of potentially getting malicious software on my machines.

I don't see what the "type of app" has to do with anything.

According to the article, the app developer had their server compromised in such a way that the download for the legitimate app was replaced with one recompiled to include malware. Presumably this could happen to any company or any type of app. Similar things have happened to many other companies, small and large, for many types of applications, including Apple's App Store:

https://www.wired.com/2015/09/apple-removes-300-infected-apps-app-store/
Score: 8 Votes (Like | Disagree)

Top Stories

Leaker: Apple to Stick With Lightning Over USB-C for 'iPhone 12' Before Going Port-Less Next Year

Tuesday May 26, 2020 2:31 am PDT by
Apple will use a Lightning port instead of USB-C in the upcoming "iPhone 12," but it will be the last major series of Apple's flagship phones to do so, with models set to combine wireless charging and a port-less Smart Connector system for data transfer and syncing in the iPhone "13 series" next year. The above claim comes from occasional Apple leaker and Twitter user "Fudge" (@choco_bit),...

Apple Reissuing Numerous iOS App Updates, Potentially Related to Recent 'This App is No Longer Shared' Bug

Sunday May 24, 2020 9:13 pm PDT by
Over the past few hours, a number of MacRumors readers have reported seeing dozens or even hundreds of pending app updates showing in the App Store on their iOS devices, including for many apps that were already recently updated by the users. In many cases, the dates listed on these new app updates extend back as far as ten days. Apple has not shared any information as to why updates for...

'This App is No Longer Shared' iOS Bug Preventing Some Apps From Opening

Friday May 22, 2020 3:58 pm PDT by
An app bug is causing some iOS users to be unable to open their apps, with affected iPhone and iPad users seeing the message "This app is no longer shared with you" when attempting to access an app. There are multiple complaints about the issue on the MacRumors forums and on Twitter from users who are running into problems. A MacRumors reader describes the issue:Is anyone else experiencing...

16-Inch MacBook Pro, iPad Pro, and iMac Pro With Mini-LED Displays Again Rumored to Launch in 2021

Tuesday May 26, 2020 5:30 am PDT by
Apple plans to release several higher-end devices with Mini-LED displays in 2021, including a new 12.9-inch iPad Pro in the first quarter, a new 16-inch MacBook Pro in the second quarter, and a new 27-inch iMac in the second half of the year, according to Jeff Pu, an analyst at Chinese research firm GF Securities. This timeframe lines up with one shared by analyst Ming-Chi Kuo, who recently...

Jailbreak Tool 'unc0ver' 5.0 Released With iOS 13.5 Compatibility

Sunday May 24, 2020 3:06 pm PDT by
The team behind the "unc0ver" jailbreaking tool for iOS has released version 5.0.0 of its software that claims to have the ability to jailbreak "every signed iOS version on every device" using a zero-day kernel vulnerability by Pwn20wnd, a renowned iOS hacker. The announcement comes just days after it was announced that the tool would soon launch. The unc0ver website highlights how the tool...

Future AirPods to Include 'Ambient Light Sensors' Possibly Related to Rumored Health Features

Monday May 25, 2020 2:53 am PDT by
Apple is reportedly looking to integrate light sensors in a new model of AirPods in the next couple of years, according to a new report today, suggesting their use could be part of rumored upcoming health monitoring features in the true wireless earbuds. In a paywalled article, DigiTimes reports that ASE Technology could be involved in manufacturing the sensors: Apple is expected to...

Top Stories: Apple Glass and iPhone 12 Rumors, iOS 13.5 Update, and More!

Saturday May 23, 2020 6:00 am PDT by
It was another big week for rumors this week, with a flurry of reports about Apple's augmented reality glasses, the iPhone 12, and Apple's "AirPods Studio" over-ear headphones. This week also saw the release of iOS 13.5, bringing a number of health-related updates to Apple's mobile devices. Subscribe to the MacRumors YouTube channel for more videos. Other topics of interest this week included ...

Apple's 'Bounce' AirPods Ad Wins 'Best of Advertising' Award

Friday May 22, 2020 10:09 am PDT by
Apple's creative "Bounce" ad designed to highlight the AirPods took top honors in the 99th annual ADC (Art Director's Club) awards for advertising, earning the "Best of Discipline" award along with two Gold Cube awards in the craft in video and branded content categories. Released in June 2019, the ad features a bored man who pulls his AirPods off of their wireless charging pad and then pops ...

Apple Releases macOS Catalina 10.15.5 With Battery Health Management Features, Fix for Finder Freezing

Tuesday May 26, 2020 1:59 pm PDT by
Apple today released macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. macOS Catalina 10.15.5 comes two months after the launch of macOS Catalina 10.15.4, which introduced Screen Time Communication Limits. macOS Catalina 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the...

'Apple Glass' Rumored to Start at $499, Support Prescription Lenses, and More

Tuesday May 19, 2020 6:30 am PDT by
Front Page Tech host and leaker Jon Prosser today shared several alleged details about Apple's rumored augmented reality glasses, including an "Apple Glass" marketing name, $499 starting price, prescription lens option, and more. The marketing name will be "Apple Glass" The glasses will start at $499 with the option for prescription lenses at an extra cost There will be displays in both...