First ransomware targeting Mac users discovered in Transmission BitTorrent client


Last week, Transmission BitTorrent client for Mac received its first major update in a few years. As it turns out though, v2.90 of Transmission was infected with a ransomware, which has silently installed itself in everyone’s Mac who installed the update.

The team behind Transmission has already published an update on their website informing users of the problem, along with steps to remove it from their Mac. The team has also issued the v2.92 update for the app that will automatically remove the malware from your Mac once installed.

Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer.

Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.

Apparently, the ransomware is only installed on your Mac if you directly downloaded the DMG of the update from Transmission’s website, and not if you installed the update from within the app itself.

The ransomware called “KeRanger” will automatically start encrypting hard disks three days after infecting a Mac and will then ask users to shell out money to allow them to retrieve their data. The ransom money it is asking is 1 bitcoin or about $US400.

If you use Transmission, it is highly recommended that you update to the latest version of the app right away to remove the malware from your Mac. Apple is already aware of the issue and has revoked the digital Apple Developer certificate of the Transmission team for the time being.

While ransomware/malware are pretty common on Windows, this is the first known malware that has affected Mac users on such a scale.

[Via Reuters]