Security Apple

Transmission Malware On Mac, Strike 2

New reader puenktli writes: Just five months after Transmission was infected with the first 'ransomware' ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware. Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website. OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.
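The summary's point is that a valid Apple-issued Developer ID signature only shows that some registered developer signed the app, not that the expected publisher did. The sketch below is an added example, not from the story or the researchers: it pins the publisher's Team ID and checks it against `codesign -dvv` output read on stdin. The function name, the sample output and the Team IDs `AAAAAAAAAA`/`BBBBBBBBBB` are constructed placeholders.

```shell
#!/bin/sh
# Added example: compare the TeamIdentifier reported by codesign with a pinned value.
# Real use on a Mac (codesign -d writes its report to stderr):
#   codesign -dvv /path/to/App.app 2>&1 | check_team_id <pinned-team-id>
# Returns 0 = pinned team, 1 = validly signed by a different team,
#         2 = no team identifier (unsigned or ad-hoc signed).
check_team_id() {
    expected="$1"
    # First "TeamIdentifier=" line from the report on stdin.
    actual=$(sed -n 's/^TeamIdentifier=//p' | head -n 1)
    if [ -z "$actual" ] || [ "$actual" = "not set" ]; then
        echo "no team identifier: unsigned or ad-hoc signed" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "team mismatch: expected $expected, got $actual" >&2
        return 1
    fi
    return 0
}

# Constructed sample reports (placeholder identities, not values from the incident).
sample_good='Identifier=org.example.app
Authority=Developer ID Application: Expected Publisher (AAAAAAAAAA)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AAAAAAAAAA'

# Chains to Apple as well, so Gatekeeper-style trust passes, but the team differs.
sample_other='Identifier=org.example.app
Authority=Developer ID Application: Someone Else (BBBBBBBBBB)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=BBBBBBBBBB'

sample_adhoc='Identifier=org.example.app
Signature=adhoc
TeamIdentifier=not set'

# Demo: prints result=0, result=1, result=2 for the three samples.
for report in "$sample_good" "$sample_other" "$sample_adhoc"; do
    rc=0
    printf '%s\n' "$report" | check_team_id AAAAAAAAAA || rc=$?
    echo "result=$rc"
done
```

The pinned Team ID has to come from a source other than the download being checked, such as a copy of the app obtained earlier.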
  • by fish_in_the_c ( 577259 ) on Wednesday August 31, 2016 @11:26AM (#52802877)

    Why would a platform which is hated by many multibillion dollar corporations for being used to violate their legal rights be a target for malware?
    ( ok.... I think I will go put on my tinfoil hat now :) but then again it does make you kind of wonder. Does anyone else know who or why people target this kind of system with malware? I suppose it is also a good target because the machines may already be using large amounts of bandwidth so there is less chance of detection. Seriously though, anybody out there know why malware makers pick specific targets, what makes some easier etc.?

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      I think it's more of a case of a "hacker" going down through the list of "Most popular Mac OS applications", and finding that number X (in this case, Transmission) had a good popularity to ease of hacking ratio. That is, it was easy to hack and popular enough to be a good infection vector.

      If number X-1 was easier to hack, it would've been that one instead.

      I don't believe that anyone would target transmission specifically because it is a bittorrent client, since there are a whole bunch of other clients (I us

    • ok, why was this modded as troll? Was it not obvious from the tinfoil hat comment that the first part was meant as humor? Although I was wondering how the target was picked and have heard from time to time of copyright holders interfering with or hacking networks they didn't like. The Madonna hack of Napster comes to mind off the top of my head.

    • Ironically, Apple could buy just about any corporation that hates it.

      I guess that's one definition of success.

    • If you are looking for a new BitTorrent client, then avoid Vuze. It used to be a superb client but recently they switched to the malware model. Last update it infected all my browsers with redirecting adware. My search engines were all set to Yahoo and it installed multiple extensions. It was painful to remove it all.

      I'm not making this up since the company fully admits they do this on their own forum web pages. Well they don't use the word malware, but if it quacks like a duck.

      • by ruir ( 2709173 )
        Is Vuze there yet? I thought it was years ago it turned into a useless program...
      • Vuze is terrible, and to be honest it was always kind of a pig.

        qBittorrent's been working great for me. The UI isn't pretty, but it's a lot like uTorrent back when it was good. Open source, runs on everything, no malware.
        • qBittorrent... Can it run as a daemon, with a remote interface that allows scripts to be run? That is the reason I run Transmission. Works on my NAS perfectly with my scripts for reseeding.
          • Yes, in Ubuntu I'm using the qbittorrent-nox package and running it as a daemon with a web UI. It can also monitor folders for torrent files, move them when it loads them, and have default directories for in progress and completed downloads. Or you can load torrents via the Web UI, or from the command line.
  • Does it have a master backdoor login to give easy access to very unpleasant people? (movie reference for people that remember which one)
  • could be confusing. Transmission of some malware? two strikes? how many balls? Who's on first?