|OS X ransomware infected Transmission installer|
|By Thom Holwerda on 2016-03-07 20:36:04|
On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.
Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.
Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.Update: Apple has shut down the exploit by revoking the compromised app's certificate.
- Apple Addresses Meltdown and Spectre in macOS - 2018-01-23
- Reading disks from 1988 in 2018 - 2018-01-13
- Apple quickly fixes severe security flaw in macOS - 2017-11-29
- Reverse engineering the macOS High Sierra supplemental update - 2017-10-09
- More related articles