THIS WEEK'S SPONSOR:

Kolide

The fleet visibility solution for Mac, Windows, and Linux that can help you securely scale your business


Transmission Infected with KeRanger Ransomware

It was discovered this weekend that popular BitTorrent client Transmission was infected with what is believed to be the first fully functional ransomware on OS X. Palo Alto Networks discovered the infection and report that attackers infected two installers of version 2.90 of Transmission’s Mac app with the ransomware, dubbed KeRanger, on March 4. The ransomware works by encrypting all files in the “/Users” and “/Volumes” directories and then demands payment of 1 Bitcoin (~US$400) from victims in order to decrypt and retrieve their files.

It is not yet known how the Transmission installers were infected. Palo Alto Networks promptly disclosed the ransomware to the Transmission Project and Apple, and both have taken swift action. Transmission has since been updated to 2.9.1 (removing the ransomware from the installer) and 2.9.2 (automatically removing KeRanger if it had been installed on a user’s system). Whilst Apple has revoked the certificate used to install KeRanger, updated Gatekeeper to block the malicious installer, and updated its XProtect (Apple’s built-in anti-malware software) signatures.

How to Protect Yourself

The following is excerpted from Palo Alto Networks’ report on KeRanger. We recommend you read their full report if you would like further, and more detailed, information.

Users who have directly downloaded Transmission installer from official website after 11:00am PST, March 4, 2016 and before 7:00pm PST, March 5, 2016, may be been infected by KeRanger. If the Transmission installer was downloaded earlier or downloaded from any third party websites, we also suggest users perform the following security checks. Users of older versions of Transmission do not appear to be affected as of now.

[via MacRumors, Palo Alto Networks]

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.