|OS X ransomware infected Transmission installer|
|By Thom Holwerda on 2016-03-07 20:36:04|
On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.
Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.
Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.Update: Apple has shut down the exploit by revoking the compromised app's certificate.
- Apple open-sourced iOS and macOS kernel for ARM - 2017-10-02
- Apple releases macOS High Sierra - 2017-09-26
- Apple sets release dates for macOS High Sierra, iOS 11 - 2017-09-12
- "We need to document macOS" - 2017-08-13
- More related articles