Just five months after Transmission was infected with the first "ransomware" ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware.
Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website.
OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.
The researchers said they notified the Transmission team about the malware, and within minutes they removed the malicious file from their web server and launched an investigation. The researchers believe the infected Transmission app was signed on August 28 and distributed only on August 29, and thus recommend anyone who downloaded version 2.92 of the app between those dates to verify if their system is compromised by checking for the presence of any of the following files or directories:
- /Applications/Transmission.app/Contents/Resources/License.rtf
- /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
- $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
- /Library/Application Support/com.apple.iCloud.sync.daemon/
- $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
Tags: malware, Transmission
89 comments
Apple is today sending out notifications to Apple Music subscribers that, when tapped, allows them to send a referral to friend to sign up for a free one-month subscription to Apple Music.
...
Apple recently purchased PullString, a San Francisco startup that enables the design and publishing of voice apps through its PullString Converse platform, reports Axios.
PullString could be...
Apple is planning to release AirPods that feature a new surface coating, wireless charging, and a black color option, according to a report from Taiwanese Economic Daily News.
Apple supplier...
Apple today shared a new "Bokeh'd" video on its YouTube channel, which highlights the Depth Control feature on the iPhone XS, XS Max, and XR.
In the spot, a group of mothers are...
If you've deleted your DMs, they may be unavailable on your phone and on the web, but Twitter is still saving them, according to data from security researcher Karan Saini that was shared today by...
iPhone XS Max users experience more than two times faster real-world LTE data speeds as iPhone 5s users on average in the United States, according to OpenSignal, although there are caveats to...
Last August, Apple Music was updated with a new section in Browse curated by Deutsche Grammophon, one of the biggest classical music labels in the world. While classical music fans welcomed the...
Samsung has leaked its upcoming wearables lineup through its Galaxy Wearable app for Android ahead of its February 20 event.
Image credit: SamCentralTech
As spotted by Twitter account...
