Slashdot Mirror

← Back to Stories (view on slashdot.org)

Transmission BitTorrent App Contained Malware (cnbc.com)

Posted by BeauHD on from the late-to-the-party dept.

An anonymous reader writes: Apple users were targeted in the first known Mac ransomware campaign. Hackers targeted Transmission, which is one of the most popular Mac applications used to download software, videos, music, and other data from the BitTorrent peer-to-peer information sharing network. As per this forum post (English screenshot of warning), OS X detected malware called OSX.KeRanger.A. This is the first one in the wild that is functional as it encrypts your files and seeks a ransom. An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs.

6 of 109 comments (clear)

  1. Re:Digital certs don't make your software secure by Anonymous Coward · · Score: 4, Insightful

    $99 a year isn't an exorbitant fee for a code signing cert.

    Thats the only part of Apple's developer programs that require cost (besides buying a Mac, and frankly its not a crazy concept to own the platform you are developing for)

  2. Re:Digital certs don't make your software secure by Jamu · · Score: 3, Insightful

    You can probably make that back from the ransom payments...

    --
    Who ordered that?
  3. Re:If I remember right transmission is also includ by Anonymous Coward · · Score: 3, Insightful

    Given that Transmission originates as a project purely for Mac OS (which has subsequently become cross platform), I'd be amazed if the main devs didn't own Macs.

  4. I never get this. by rrohbeck · · Score: 3, Insightful

    How is an encrypted drive different from a failed drive, other than that if it's only encrypted you don't even have to buy a new one - just wipe it and restore your backup, maybe reinstall your OS first.

    --
    thegodmovie.com - watch it
    1. Re:I never get this. by sociocapitalist · · Score: 3, Insightful

      How is an encrypted drive different from a failed drive, other than that if it's only encrypted you don't even have to buy a new one - just wipe it and restore your backup, maybe reinstall your OS first.

      Because cryptolocker type attacks also encrypt any backup drives that are connected (either directly or over the network). You may even be backing up malware encrypted files, overwriting unencrypted files, for some time before the malware notice flashes up on your screen.

      Keep in mind that the malware process runs encryption in the background for some time (i.e. until some target percentage of what the malware considers to be 'interesting files' has been encrypted) so you don't generally know that you're under attack until most of your files have been made useless to you.

      The only reasonably certain defense is having a lot of one off backups that you make and then store offline. As USB keys are cheap I've been making weekly backups of the data that's really important and just throwing the keys in a drawer.

      --
      blindly antisocialist = antisocial
  5. Re:Time Machine by Anonymous Coward · · Score: 2, Insightful

    I'm guessing the time machine files will all be encrypted themselves so that data cannot be recovered. Assuming here that the time machine drive files are similar in form to the application 'bundles', just instead of programs and shared libraries on the 'bundle', there will be a source file and the various binary diffs of the versions of the files.