Transmission is a popular BitTorrent client for OSX and users were thrilled when the publisher recently announced a long-awaited update to the application. However, the name “transmission” turned out to be more apt than expected when Palo Alto Networks detected ransomware now known as KeRanger hidden in the installer, publishing the findings on Sunday. Transmission is warning users about KeRanger Ransomware hidden in a recent update (Credit: Screen capture Brad Moon). KeRanger is believed to be the first instance of fully functional ransomware on OSX and if downloaded and allowed to run its course, will encrypt a user’s hard drive. This will result in an affected user being locked out of their Mac and unable to access files until they pay a ransom demand of one bitcoin (which is roughly $400).
Is Your Mac Infected?
If you downloaded version 2.90 of Transmission from the open-source project’s website, you could have a problem. If updated through the app itself, you should be clear but it wouldn’t hurt to double-check.
According to Alto Alto labs and Transmission, there are several things to check: Look for a file called “Applications/Transmission.app/Contents/Resources/ General.rtf” or “/Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf”. If you find it, delete your Transmission app.
Using the Activity Monitor , check for a process called “kernnel_service” is running. If you find it, choose Open Files and Ports from the app and search for a file name that looks anything like “Users/<username>/Library/kernel_service”. If you find it, force quit the process.
Recommended by Forbes Palo Alto Labs posted a blog that details the method for removing the traces of KeRanger if you find it on your Mac. Apple AAPL +1.50% has also revoked the certificate used by the Ransomware authors and Transmission has removed the infected installers from its website, so going forward it shouldn’t be an issue. […]
