BitTorrent client is found distributing Mac-based malware

ESET advises users who may have downloaded Transmission between August 28 and 29 to check for new directory listings that the ransomware code would have created.

Security researchers have discovered new OS X malware that was being spread via the BitTorrent client application Transmission.

Security firm ESET says it analyses samples targeting macOS every day.

OSX/Keydnap was “spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website”, they wrote.

According to ESET, Keydnap attempts to steal the content of the keychain in OS X where credentials are stored, which could enable the malware to establish a permanent backdoor.

The Transmission team pulled the file “literally minutes” after being notified by ESET. Although it is still unknown how and when the malicious code was made available for download on the Transmission website, the researchers said in July that users could be exposed to the Keydnap malware through “attachments in spam messages, downloads from untrusted websites or something else” as well.

Earlier in March, Palo Alto Networks researchers found that the Transmission website had been hacked and infected with a strain of ransomware called “KeRanger” – the first ever fully functional ransomware that targets Mac computers.

ESET noted the similarities between the two attacks. OSX/Keydnap executes in a similar fashion to Transmission’s last malware infection, KeRanger, in that it adds a malicious block of code to the core function of the app.

The incident was alarming since the Transmission files were signed with a legitimate Apple developer’s certificate, which meant Apple’s Gatekeeper security feature wouldn’t have flagged the files as malware.

This time around, the BitTorrent client, which is very popular on Mac but also comes in versions for Linux, distributed a DMG file that included the Keydnap trojan.
