Apple users targeted in first known Mac ransomware campaign

The infection occurred on March 4, and Palo Alto researchers are saying that someone seems to have hacked the official Transmission website and replaced the legitimate Transmission client for Mac version 2.90 with one that included the KeRanger ransomware.

Users began unwittingly downloading the malicious programme as they tried to install popular software called Transmission, which is used to transfer data on BitTorrent.

It then asks victims to pay 1 Bitcoin (about $410 at the time of writing) in order to decrypt and regain access to their files.

“As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully-functional ransomware seen on the OS X platform”.

Apple Inc customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc told Reuters yesterday.

Apple has since revoked the abused certificate and updated its XProtect antivirus signatures, and the Transmission Project has removed the malicious installers from its website.

According to Ryan Olson, Palo Alto Threat Intelligence Director, KeRanger was the first functioning ransomware that attacked Apple’s Mac computers.

The warning reads: Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.

If so, the process is KeRanger’s main process. “If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users/ /Library/kernel_service” (Figure 12). We suggest terminating it with “Quit – Force Quit”.

Another interesting fact is that, according to sources, users who updated their torrent client over the air have managed to stay in the clear; the only users affected are those who downloaded the update directly from Transmission’s servers. Worse, they might even find a way to exploit your system even more if you leave the malware installed, so don’t do that.

Here are the steps Palo Alto Networks recommends you take to identify and remove the ransomware:

● Using either Terminal or Finder, check whether /Applications/Transmission.app/Contents/Resources/General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf exist.
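The file checks described above can be scripted so they also work against a mounted backup or disk image. This is an added example, not code from Palo Alto Networks or the Transmission Project; the names `keranger_check` and `KERANGER_HITS` are hypothetical, and treating the blank component in the quoted kernel_service path as any user directory is an assumption.

```shell
#!/bin/sh
# keranger_check [ROOT]
# Looks for the KeRanger file indicators named in the article under ROOT
# ("/" on a live Mac, or the mount point of a backup or disk image).
# Prints one line per indicator found, stores the count in KERANGER_HITS,
# and returns 0 when nothing is found, 1 otherwise.
# Usage on a live Mac, from Terminal: keranger_check /
keranger_check() {
    root=${1:-/}
    root=${root%/}        # "/" becomes "" so the paths below stay absolute
    KERANGER_HITS=0

    # Indicator 1: General.rtf inside the installed app or on the
    # mounted installer volume (the two paths listed in the article).
    for f in \
        "$root/Applications/Transmission.app/Contents/Resources/General.rtf" \
        "$root/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf"
    do
        if [ -e "$f" ]; then
            echo "FOUND infected-installer marker: $f"
            KERANGER_HITS=$((KERANGER_HITS + 1))
        fi
    done

    # Indicator 2: a kernel_service file in a user's Library folder.
    # Assumption: the blank path component in the article is a user
    # directory, so every directory under Users is checked.
    for f in "$root"/Users/*/Library/kernel_service; do
        if [ -e "$f" ]; then   # an unmatched glob stays literal and fails -e
            echo "FOUND dropped file: $f"
            KERANGER_HITS=$((KERANGER_HITS + 1))
        fi
    done

    if [ "$KERANGER_HITS" -eq 0 ]; then
        echo "No KeRanger file indicators under ${root:-/}"
        return 0
    fi
    return 1
}
```

The return code makes the function usable in a fleet check, where a non-zero result marks a machine for the manual steps the article describes.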