www. O S N E W S .com
News Features Interviews
BlogContact Editorials

OS X ransomware infected Transmission installer
By Thom Holwerda on 2016-03-07 20:36:04

On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.

Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.

Update: Apple has shut down the exploit by revoking the compromised app's certificate.

12  Comments - Printer friendly - Related stories
Recent related stories
- Apple prepares macOS for discontinuation of 32-bit app support - 2018-02-03
- Apple Addresses Meltdown and Spectre in macOS - 2018-01-23
- Reading disks from 1988 in 2018 - 2018-01-13
- Apple quickly fixes severe security flaw in macOS - 2017-11-29
- Reverse engineering the macOS High Sierra supplemental update - 2017-10-09
- More related articles

Tell a friend
Your full name:
Your email address:
Your friend's email:
Anti-spam measure:

News Features Interviews
BlogContact Editorials

WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?