Torrenters beware! The first ransomware attack on Mac users in the wild has been discovered, “courtesy” of Transmission, a BitTorrent client for Mac.
The torrent service received a major update last week, but it unfortunately the new software happened to be infected with ransomware, which went on to quietly install itself on the the Macs of everyone who downloaded the update from Transmission’s website.
While Apple is aware of the problem and has already revoked the digital Apple Developer certificate of the Transmission team while the issue is dealt with, this represents a rare security lapse that threatens Mac users.
Called “KeRanger,” the ransomware works by secretly encrypting all your data after three days of lying dormant. To get their data back, users must pay a Bitcoin ransom equal to about $400. “This is the first [ransomware] in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence Director Ryan Olson told Reuters.
It is thought that the ransomware only threatens users who downloaded v2.90 of Transmission through the company’s website rather than upgrading inside the app itself.
Fortunately there’s a way around the problem that doesn’t involve contributing to the (I presume) still half-constructed evil volcano lair of whichever supervillain hackers are responsible for this incident. Transmission has already issued a v2.92 update, which will automatically remove the malware in question.
Users of v2.91 should immediately upgrade to and run 2.92 since, even though this version was not infected, it doesn’t automatically remove the malware-infected file.