As previous cases have shown, when a popular app becomes infected with malicious code, the trust of its loyal user base can go into free fall, and that is completely understandable.
Something like this has happened to Transmission for Mac, which is the preferred BitTorrent client for millions of Apple users. Somehow, the app became infected with ransomware, a type of malware designed to lock content on your computer (even the entire hard drive in some situations) and require a sum of money to unlock it.
In the case of Transmission, the hackers responsible for injecting the ransomware into the app demand payment in Bitcoin to decrypt your computer. The malware came to light thanks to users who reported it on the Transmission forum, and it is known as “OSX.KeRanger.A”. Community members have also examined the problem and concluded the ransomware is probably related to Transmission version 2.90.
Security analytics firm Palo Alto Networks has officially confirmed the existence of the KeRanger malware and the fact that it has infected version 2.90 of the Transmission BitTorrent client. The company wasn’t able to figure out how the infection took place, but it did notice that it happened shortly after the installers were posted on the official site on March 4.
The company also noticed that the ransomware was signed with a legitimate Mac app development certificate, which obviously gave it a free pass through OS X’s security measures. However, the company was quick to report the problem to Apple, which reacted by updating its XProtect signatures and revoking the abused certificate.
This means that if someone now opens an infected version of Transmission, a warning will pop up on the screen. Should this happen to you, simply use the ‘Eject Disk Image’ option and delete the installer.
Transmission is also aware of the problem and has released a security fix via an update to version 2.92. Only version 2.90 of the BitTorrent client is infected, but version 2.91 is unable to remove the infected files, so if you have either of these two versions installed on your Mac, it is recommended that you update to 2.92.
How to protect your Mac from Transmission’s KeRanger ransomware if it’s already infected
The Palo Alto Networks research center has published a clear guide on how to tell whether you’ve been infected and what can be done about it. I won’t go over the complete instructions, but you should be aware that chances are very high that your Transmission client is infected if you downloaded its installer from the official website between 11:00 AM PST March 4, 2016. Nevertheless, there’s also a chance the client is infected if you downloaded version 2.90’s installer from third-party sources.