Ransomware Found in Transmission BitTorrent Client

Over the last weekend, Apple customers were targeted by hackers in what seems to be the first attack by ransomware.

If you use the popular BitTorrent application Transmission, you should immediately upgrade to the newest version (2.92). A notice on the app's official website warns users that version 2.90 may have been infected with malware.

This is what the official blog post says:

Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.
Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.
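The same check can be run from Terminal instead of Activity Monitor. The script below is an added example, not part of the official post: it reads a process listing and flags any process named exactly kernel_service. It assumes the listing comes from `ps -axo pid=,comm=`, that the component missing from the path in the post is the user's account name, and it uses a constructed sample listing with made-up accounts.

```shell
#!/bin/sh
# Added example: look for the process indicator named in the advisory.
# Assumed input: one process per line, "PID EXECUTABLE-PATH", as printed
# on OS X by:  ps -axo pid=,comm=

# Reads a listing on stdin and prints one line per process named exactly
# "kernel_service":
#   <pid> KERANGER <path>  executable sits directly in a user's Library folder
#                          (assumed layout: /Users/<account>/Library/)
#   <pid> REVIEW <path>    same name, other location; inspect its open files
classify_kernel_service() {
    awk '
    {
        pid = $1
        # The path may contain spaces, so strip only the leading PID field.
        path = $0
        sub(/^[ \t]*[0-9]+[ \t]+/, "", path)
        n = split(path, parts, "/")
        # Match on the exact file name, not on a substring.
        if (parts[n] != "kernel_service") next
        # parts: "", "Users", <account>, "Library", "kernel_service"
        if (n == 5 && parts[2] == "Users" && parts[3] != "" && parts[4] == "Library")
            print pid, "KERANGER", path
        else
            print pid, "REVIEW", path
    }'
}

# Constructed sample listing (accounts and PIDs are made up).
sample_listing() {
    cat <<'EOF'
    1 /sbin/launchd
  412 /Applications/Transmission.app/Contents/MacOS/Transmission
  977 /Users/alice/Library/kernel_service
 1203 /usr/local/bin/kernel_service
 1410 /Users/bob/Library/Application Support/kernel_service_helper
EOF
}

# Demo on the sample; on a Mac, pipe in the live listing instead:
#   ps -axo pid=,comm= | classify_kernel_service
sample_listing | classify_kernel_service
```

No output on a live listing means no process with that name was running at the time of the check.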

Ransomware is a type of malware that encrypts your hard drive’s content, then asks users to pay ransoms in order to get an electronic key. Typically, encrypted hard drives are impenetrable and the only way for the data to be accessed is by using the key. When it comes to this particular ransomware, KeRanger is programmed to stay inactive for three days, then connect to the attacker’s website and start encrypting data.

An Apple representative said the company has already taken steps over the weekend to prevent further infections by revoking a digital certificate that was used by the rogue software.

If you believe you might be infected, update Transmission to the newest version, which should solve the problem.