Stealthy malware will hold your Mac ransom

By

Apple takes a hacksaw to estimated trade-in values for its devices
A rare security threat aimed at Mac users.
Photo: Pictures of Money/Flickr CC

Torrenters beware! The first ransomware attack on Mac users in the wild has been discovered, “courtesy” of Transmission, a BitTorrent client for Mac.

The torrent service received a major update last week, but it unfortunately the new software happened to be infected with ransomware, which went on to quietly install itself on the the Macs of everyone who downloaded the update from Transmission’s website.

While Apple is aware of the problem and has already revoked the digital Apple Developer certificate of the Transmission team while the issue is dealt with, this represents a rare security lapse that threatens Mac users.

Called “KeRanger,” the ransomware works by secretly encrypting all your data after three days of lying dormant. To get their data back, users must pay a Bitcoin ransom equal to about $400. “This is the first [ransomware] in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence Director Ryan Olson told Reuters.

It is thought that the ransomware only threatens users who downloaded v2.90 of Transmission through the company’s website rather than upgrading inside the app itself.

Fortunately there’s a way around the problem that doesn’t involve contributing to the (I presume) still half-constructed evil volcano lair of whichever supervillain hackers are responsible for this incident. Transmission has already issued a v2.92 update, which will automatically remove the malware in question.

Users of v2.91 should immediately upgrade to and run 2.92 since, even though this version was not infected, it doesn’t automatically remove the malware-infected file.

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.