What’s the deal with KeRanger? How does it work and what does it do? originally appeared on Quora – the knowledge sharing network where compelling questions are answered by people with unique insights .
Answer by Stan Hanks , Fighting Bad Guys since the Morris Worm, on Quora :
KeRanger is apparently the first wide-spread “ransomware” piece of malware for the Mac and OS X to hit the wild. This is – on the surface – big news.
As you delve into the details, it turns into another “oh, wait, you did WHAT ?” story.
There is a very popular piece of software to allow Mac users to participate in BitTorrent networks, called Transmission . It’s NOT available in the Apple App Store for OS X, you have to acquire it via a public download site, either directly from the developer, or from some third-party link.
Let’s stop there: you’re using BitTorrent, which already means that you’re potentially putting yourself at risk via whatever you happen to be downloading (don’t get me wrong, BitTorrent has a hundred completely legitimate uses, it’s just that, well, most of them aren’t). And you’re downloading a piece of software that hasn’t been vetted by Apple – or frankly, anyone else. And you might be doing that from a third party, who might have modified it without your knowledge. Got it. Safety is NOT a priority for you. Continuing …
So, Transmission hasn’t had an update in a really, really long time. The users got restless. The developer finally released one, and – ta-da – it’s carrying an unplanned passenger. KeRanger.
This is where things get a bit dicey – it’s less than clear if this was pre-packed by the author, if it was added after the fact, or if it only shows up in linked versions which […]
