www. O S N E W S .com
News Features Interviews
BlogContact Editorials

OS X ransomware infected Transmission installer
By Thom Holwerda on 2016-03-07 20:36:04

On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.

Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.

Update: Apple has shut down the exploit by revoking the compromised app's certificate.

12  Comments - Printer friendly - Related stories
Recent related stories
- Reverse engineering the macOS High Sierra supplemental update - 2017-10-09
- Apple open-sourced iOS and macOS kernel for ARM - 2017-10-02
- Apple releases macOS High Sierra - 2017-09-26
- Apple sets release dates for macOS High Sierra, iOS 11 - 2017-09-12
- "We need to document macOS" - 2017-08-13
- More related articles
 

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:
5+2=

News Features Interviews
BlogContact Editorials


WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?