Malware hits Mac

First known malware found on Mac.

If you downloaded the BitTorrent client app called Transmission (ver. 2.9) on Friday or Saturday (March 5th & 6th) you should update it to version 2.92 IMMEDIATELY! Be sure to do some directly from app developer’s website.

OS X users have been targeted with the first known case of Mac ‘ransomware’ malware. It is found in the Transmission BitTorrent client. Infected versions of the app include ‘KeyRanger’ malware that will maliciously encrypt the user’s hard drive after three days of being installed. The malware then asks for payment to allow the user to decrypt the disk and access their data — the ‘ransom’.

The same day that Palo Alto Networks discovered the threat — which was distributed with the Transmission app in a DMG package signed by a valid developer ID — Apple revoked the signing certificate involved to prevent new installations of the infected version via the Mac’s GateKeeper signed – app security system.

Apple also began automatic distribution of an OS X XProtect antivirus signature to flag and quarantine existing compromised downloads.

Since Apple has revoked the certificate and distributed an XProtect update, anyone attempting to open a known-infected version of the Transmission app will now be given a warning dialog box that notes “ will damage your computer. You should move it to the Trash,” or “Transmission can’t be opened. You should eject the disk image.”

TechnoTip: We reccommend that you leave the default security setting on your Mac set to “Mac App Store and identified developers.” We also recommend you do not download from bit torrrents. You are asking for trouble. 

If you think you might have been have this malware on your computer, please don’t hesitate to contact TechnoMinds. We will scan your computers and attempt to remove it.