Transmission BitTorrent App Contained Malware

An anonymous reader writes: Apple users were targeted in the first known Mac ransomware campaign. Hackers targeted Transmission, which is one of the most popular Mac applications used to download software, videos, music, and other data from the BitTorrent peer-to-peer information sharing network. As per this forum post (English screenshot of warning), OS X detected malware called OSX.KeRanger.A. This is the first one in the wild that is functional as it encrypts your files and seeks a ransom. An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs.

Gay niggers of America uses transmission for AIDS!

We the gau niggers of merica pledge to use transmission to give our AIDS to all!

Don't forget to felch and give a reach around

Digital certs don't make your software secure

[NotInHere]

In fact, in this case probably it was the contrary. I guess the developer was not part of the developer team for transmission, but external. If it were easy to package software for macs without having to pay lots of fees, the dev team could have done it themselves. Apple really should give free dev licenses to free software developers, to help fight abuse. Github does something like that too.

Re:Digital certs don't make your software secure

$99 a year isn't an exorbitant fee for a code signing cert.

Thats the only part of Apple's developer programs that require cost (besides buying a Mac, and frankly its not a crazy concept to own the platform you are developing for)

Re:Digital certs don't make your software secure

It's actually less than a lot of SSL certs from the various major (shit) CA vendors.

Re:Digital certs don't make your software secure

[Jamu]

You can probably make that back from the ransom payments...

Re:Digital certs don't make your software secure

(besides buying a Mac, and frankly its not a crazy concept to own the platform you are developing for)

Right. Because Macs run iOS. Of course.

In fact, even Microsoft isn't this evil. You can easily get a Windows instance in the cloud. That's the right way to do development too because it then becomes easy to have access to all of the versions of the OS that you want to target on different sizes of computer. One of the problems of modern software development is that devs treat the size of their own machines (much smaller than a server; much bigger than a normal assistant's machine) as some kind of gold standard instead of selecting the machine of the right size to test on.

Your developer's platform should be independent of the target platform.

Re:Digital certs don't make your software secure

Right. Because Macs run iOS. Of course.

They don't, but the iDevice simulators in Xcode do.

Re:Digital certs don't make your software secure

> $99 a year isn't an exorbitant fee for a code signing cert.

Ooh! Only $99!

http://www.stickycomics.com/computer-update/

Re:Digital certs don't make your software secure

and a shit load more than the actual decent vendors that don't try to rape you on price.

Re:Digital certs don't make your software secure

Actually - while I don't like the $99 fee - it probably keeps out a lot of crap. If it were free, people would continues submitting all sorts of crap applications and/or renew the old crap applications. This way at least somebody has to have a little investment in the app.

Re:Digital certs don't make your software secure

[butzwonker]

It can be exorbitant for small developers in combination with the other requirements. You also need to buy Macs every 3-5 five years in order to be able to stay afloat as a developer. Let's say you only update your machine every 5 years (a bit optimistic). Then a realistic estimate for the real development costs is USD 99 x 5 + USD 1300 MacBook Pro 13 + USD 249 Apple Care for MacBook Pro 13 for a total of USD 2044 / 5 years or USD 409 per year, not including any software, online storage and backup, web services, backup software and storage, etc. For serious business these costs are no problem. For small shareware and occasional developers these costs can be prohibitive. They certainly are the reason why I don't develop for Apple. And don't forget that Apple additionally takes 30% of all your revenue as opposed to 10 - 16 percent that ordinary payment services take, so the real costs for individual developers are much higher.

Re: Digital certs don't make your software secure

Seriously, if you can't afford $500 a year to develop software as a business then don't do it.

Re:Digital certs don't make your software secure

It's fine to tug the tired IT drone hated of Apple, but you can 100% do iOS development on a Mac. You literally don't even have to buy iOS devices to debug/test/release an app. I'd recommend it as quality UI requires real device interaction to develop, but you don't have to. XCode has all the ARM cross compilers for both 32 and 64bit iOS devices, and XCode is free. ($99 is required to sign your own code or submit it to apple for review)

And yes Macs do run iOS via XCode.

Re:Digital certs don't make your software secure

Realistically, it is even more expensive:

1: A new Mac when Apple discontinues support of that model on OS X. Apple has been good about this, as even machines in late 2008 are still usable, but that axe will fall soon, likely this year. For minimal software development, $1300 won't get you much. You really need a decent CPU, 16 gigs of RAM, 1TB of storage, all bringing up the price to near $3000 per Mac.

2: You need a core server for Git. Version control is a must, so you at least need a NAS that has basic Git functionality, if not a separate machine that runs GitLab/GHE/BitBucket so you have a nice Web UI for your repositories.

3: You need a backup system that computers can't touch to protect against ransomware. Synology's NAS has a nice system to do this from device to device. You also should plug in an external HDD every few weeks and make a copy to that as well. The cloud is another way, but that brings security issues.

4: You may need some third party utilities for libraries. Not cheap.

Mac developing isn't a shoestring project... it does take a lot of expense to do it, not just the yearly C-note to Apple.

PS: You want a 15" MBP... the 2015 13" has a thing for thermal shutdowns if under a constant, heavy load, and only has two cores.

Re: Digital certs don't make your software secure

That's exactly what I said, you dumbass.

Re:Digital certs don't make your software secure

Holy shit! Good thing Windows development doesn't need any of this! Get a $99 used Windows XP computer and you can be up and running today.

Re: Digital certs don't make your software secure

I don't think you know what the word evil means.

Re:Digital certs don't make your software secure

[tlhIngan]

Then a realistic estimate for the real development costs is USD 99 x 5 + USD 1300 MacBook Pro 13 + USD 249 Apple Care for MacBook Pro 13 for a total of USD 2044 / 5 years or USD 409 per year, not including any software, online storage and backup, web services, backup software and storage, etc.

Well, if you were a shareware developer that was hard up, I'd ditch the laptop and get a Mac Mini, which can be had for around $500 and updated far less often. I'd also ditch the AppleCare plan and self-insure, which should bring the cost down considerably. Yes, you need to supply a keyboard, mouse and monitor, but if you're resourceful, those can be had for practically free. So your total cost is around $200 a year, or half o what you figured going the economy route. Though if you're really trying to skimp, I would suggest finding a regular day job to pay the bills and do the shareware stuff on the side, like most developers out there.

You can develop on Macs on even the most low end of Macs.

Re: Digital certs don't make your software secure

Look at Mr. Fatcat, with $99 to spend. I got my 286 from a dumpster, and it even had MS DOS already installed.

Re:Digital certs don't make your software secure

But it is $99 more than https://letsencrypt.org/

Really, signing a cert means you have to do two things:
1) Verifying the CSR providers identity. Based on https://developer.apple.com/support/identity-verification/ that looks like it should cost about about nothing (plus the amortized access to the DUNS db).
2) Actually signing the cert. That might cost apple as much as $.02.

Re: Digital certs don't make your software secure

Seriously, if you can't afford $500 a year to develop software as a business then don't do it.

OSS isn't a business

"peer-to-peer information sharing network"

try "bittorrent protocol" because that's what it is, a PROTOCOL.. not a network.. and certainly not a singular "information sharing network".. that's rich, even for slashdot editors.

Re:"peer-to-peer information sharing network"

[NotInHere]

Sadly we live in the age of walled gardens, and not of open protocols. I really don't wonder that people mix this.

Re:"peer-to-peer information sharing network"

[Dunbal]

One man's walled garden is another man's state prison...

If I remember right transmission is also included

[Trax3001BBS]

In Linux Mint 13.

No sympathy

[smooth+wombat]

Stop trying to find ways to steal other people's work without compensating them and you won't have this problem.

But just like drug users, there will always be an excuse for why people think it's acceptable.

Re:No sympathy

[Fnord666]

Stop trying to find ways to steal other people's work without compensating them and you won't have this problem.

But just like drug users, there will always be an excuse for why people think it's acceptable.

Ok, I give up. What are you nattering on about?

Re:No sympathy

[Jamu]

Apparently a peer-to-peer file transfer protocol can be used to transfer files from one peer to another. And... err... Chewbacca lives on the planet Endor, therefore coping files is stealing, we've always been at war with Eastasia, and you have to compensate people for their work, because... they've not lost anything?

Re:No sympathy

[MrKrillls]

Don't give up. Don't ask.

Re:If I remember right transmission is also includ

[NotInHere]

I think that version is safe. My guess at the core of the whole story is that transmission wanted to provide binaries for mac, and they asked someone external to the project to do it, because neither of them had a mac nor wanted to afford $100 in order to build software for free, and that person was malicious and included the ransomware.

I guess that that made enough money to compensate for the Mac purchase and the 100$ developer fee. One can even say that in this case, apple made money with malware.

Re:If I remember right transmission is also includ

Yeah, no. They say the attack vector was unknown and was likely to have hacked the server.

Re:Gay niggers of America uses transmission for AI

Nice typo, you FFVI nerd.

ban anonymous cowards

i would gladly register here if you guys bann posting as an anonymous coward.

that way you could filter the AC's that are always posting racial and homophobic slurs.

Thist site has really gotten out of hand in the last few yes=ars, with AC's posting the most ridiculous things imaginable.

Like I said, I'd glady register if it meant AC's couldn't post or even read posts. or at a very minimum you should make users noregistered/signed in be subjected to a cornucopia of agressive ads to compensate. I know there are adblockers, but many sites find a way to block content when they are used.

Thank you

Re: ban anonymous cowards

[snowsnoot]

Go fuck yourself, thats what comment moderation is here for. Anonymity on the internet is immeasurably valuable in terms of free speech and this is one of the last somewhat meanigful places on the internet you can still have it.

Re:ban anonymous cowards

Why? Are you a gay nigger?

Thank you.

Re: ban anonymous cowards

[chefmonkey]

I think everything you're proposing can be achived via psuedonymity, which allows you to create a new persona detached from your real one (insulating the real you from persecution), but which allows the rest of use to set the "dipshit" flag on that persona if you're clearly a dipshit. Anonymity encourages assholism. Just reading through the "anonymous cowards" comments on Slashdot should be enough to make that fact evident.

Re: ban anonymous cowards

I've been reading and commenting on slashdot since at least 1999, possibly earlier I can't really remember. I've never bothered to setup an acct and always posted AC. Good or bad IDK but I appreciated the quick comment option. Just like ads and a lot of things. It isn't essential to my existence if the ability goes away but sometimes it is nice.

Re: ban anonymous cowards

If you don't believe in AC then don't post AC.
This site doesn't give a shit if you sign up or not.
Also, banning AC won't stop any of that. All it will do is add a bunch of throwaway accounts to the site real fast.

Re: ban anonymous cowards

[snowsnoot]

That implies there is something wrong with assholism, which is where I disagree. People should be able to speak as they choose, it is how the community judges their statements that is important. This decides what is and isn't socially acceptable, and comment moderation serves this purpose here on /. I personally don't feel the need to post as AC that often but sometimes you want to make sure that what you say isn't linked to any presence other than your IP which can be hidden using VPN/TOR etc if necessary.

Re:ban anonymous cowards

Well, AC is useless in your case. We'll instantly know it's you the next time a homosexual African American creates an account here.

Re: ban anonymous cowards

Yeah, whatever cuntcheese.

- Timothy

Re: ban anonymous cowards

[MobileTatsu-NJG]

Anonymity on the internet is immeasurably valuable in terms of free speech and this is one of the last somewhat meanigful places on the internet you can still have it.

AC posting on Slashdot is no more anonymous than posting with an account. It just uniquifies your identity in the discussion.

Re:ban anonymous cowards

IN SOVIET RUSSIA, Anonymous Cowards ban YOU!

This story is a LUDDITE lie!

Modern app appers know that ONLY apps can app apps, and malware is LUDDITE software, NOT AN APPY APP!

Apps!

Re:This story is a LUDDITE lie!

This always brightens my day a little.

Re:If I remember right transmission is also includ

Given that Transmission originates as a project purely for Mac OS (which has subsequently become cross platform), I'd be amazed if the main devs didn't own Macs.

Decipher

[manu0601]

Now the ransomware's certificate is revoked, I guess there is no hope to pay the crooks and recover the data?

Re:Decipher

[SeaFox]

Now the ransomware's certificate is revoked, I guess there is no hope to pay the crooks and recover the data?

Macrumors reports there was a three-day delay before the lockout would take effect. So most people haven't been caught by it yet.

Re:Decipher

You can go into system settings and allow any unsigned program to run.

Re: Decipher

They did a pretty good job with Palo Alto.

The malware was on the site for about 32 hours, pulled at the end of that window, with both Gatekeeper & Xprotect updated in that time, as well as the Dev Cert being revoked. The patch was live before Palo Alto went public.

That's really good in terms of response time from Apple, Palo Alto Networks & the Transmission project.

Re:Decipher

Paying the ransom is not a solution of the ransomware problem. In fact, it can only exacerbate it. The only right solution is regular backups and proper user education.

Re:Decipher

[wootcat]

I'm really curious what made me "immune." I updated Transmission last Thursday or Friday to the version supposedly infected. I learned about the malware Sunday and immediately checked for the reported signs of an infected computer, of which I had none. I immediately upgraded to the clean version and as of last night, my Mac mini is still clean.

I never get this.

[rrohbeck]

How is an encrypted drive different from a failed drive, other than that if it's only encrypted you don't even have to buy a new one - just wipe it and restore your backup, maybe reinstall your OS first.

Re: I never get this.

The difference is a failed drive is physically broken and doesn't work right anymore. An encrypted drive means nothing. No such thing. The files may be encrypted, but the hardware is unaffected. It's not like ransomware tells your hard drive to encrypt files, the program simply copies the file, encrypts it, writes it back to the drive and deletes the original. The drive is not malfunctioning at all.
So what? Are you suggesting drives should resist being used?

Re: I never get this.

[krray]

No, he's just saying that to the end user the symptoms are the same, ie; "it doesn't work right anymore".

Replace the drive (not needed in this case), format, and reload from a good backup.

You have a good backup, right? :)

Re:I never get this.

[antdude]

Unless it infects the backup drives too. :(

Re:I never get this.

[rrohbeck]

How can it? They're offline or on a backup system, ideally offsite. Right?

Re: I never get this.

No, he's just saying that to the end user the symptoms are the same, ie; "it doesn't work right anymore".

In that case, a hacker-encrypted drive is just like a 75 gigaton bomb thermonuclear bomb going off next door, triggering WWIII, ending all life as we know it, but then the emergence of a different biosphere, but still inevitably ends when the sun goes red giant, in that both cases you can't read the data anymore.

Re:I never get this.

That depends on when the infection took place. Tip: Most malware remains silent to spread itself until a given time. It wouldn't be very effective if it alerted the user immediately, now, would it? It takes a fair amount of time before the malware defenders learn about the exploits, how to detect them, then deploy updates for their tools.

Re:I never get this.

[antdude]

Some people always have them connected. :(

Re:I never get this.

Then it's not a backup.

Re:I never get this.

[MMC+Monster]

It's no different to a power user. As you said, you wipe and reinstall your apps and documents.

For the general public, it's a little different. With a failed drive they're hosed. With an encrypted file, they have the option to pay the ransom and regain their data. (And, typically, the second time around they'll buy an automated backup solution. Since this is an Apple OS, probably Time Capsule).

Re:I never get this.

[sociocapitalist]

How is an encrypted drive different from a failed drive, other than that if it's only encrypted you don't even have to buy a new one - just wipe it and restore your backup, maybe reinstall your OS first.

Because cryptolocker type attacks also encrypt any backup drives that are connected (either directly or over the network). You may even be backing up malware encrypted files, overwriting unencrypted files, for some time before the malware notice flashes up on your screen.

Keep in mind that the malware process runs encryption in the background for some time (i.e. until some target percentage of what the malware considers to be 'interesting files' has been encrypted) so you don't generally know that you're under attack until most of your files have been made useless to you.

The only reasonably certain defense is having a lot of one off backups that you make and then store offline. As USB keys are cheap I've been making weekly backups of the data that's really important and just throwing the keys in a drawer.

Re:I never get this.

Sure it is. The point of a backup is to be able to restore after disk failure or accidental deletion, and to restore data to an earlier timepoint. Having the backup online doesn't prevent any of those.

It's just not an ideal way of doing the job because the best backup solutions offer physical disaster recovery as well as the above. But that is a failure of the disaster recovery plan, not of backups.

Re:I never get this.

[castionsosa]

A failed drive is that... a failed drive. Any malware worth its salt will be encrypting/corrupting all data on external backup drives. It doesn't matter if you have RAID 7+1, replicated among three active/active peers. If the machine can get to it and rm/corrupt files, the backups are worthless.

What really needs do be done is to have an outside server SSH into the desktop machine and dump the files to someplace the desktop cannot touch by normal means. On Macs, this isn't too difficult -- have a decent Synology NAS with zbackup installed do a dump.

FucK3r

of play1ng your

Re:If I remember right transmission is also includ

Transmission started on the Mac. You really think that a couple $k for tools is a big deal to those with a job?

TL;DR: Geez Louise, cuntcheese, if you don't know what you're talking about...don't say it!

Re:If I remember right transmission is also includ

[Noah+Haders]

transmission is a longtime award winning mac app.

Sooner then anticipated

At the RSA Conference 2016 in San Francisco, last week, during one of the sessions dealing with Apple malware, a question was asked, why is was no mac cryptolocker yet, and an opinion was that there will be one within 6 months.

RSAC ended on Friday.
 

So much for Macs being secure

up yours, snooty Mac users!

Time Machine

[khchung]

So, if you find your important file encrypted by ransomware, how difficult is it to just restore it from a Time Machine backup?

After all, once it was encrypted, you can use it anymore, so it is simple to just get the version before the last update time.

Re:Time Machine

I'm guessing the time machine files will all be encrypted themselves so that data cannot be recovered. Assuming here that the time machine drive files are similar in form to the application 'bundles', just instead of programs and shared libraries on the 'bundle', there will be a source file and the various binary diffs of the versions of the files.

Re:Time Machine

You'd be wrong. Time Machine stores incremental backups that can stretch back for years. Basically backups are only deleted once your TM drive gets full. I have a 128 GB Macbook Pro with a 500 GB Time Machine drive, and my backups still stretch all the way back to August 7, 2015, the day I bought the NAS that has the TM drive on it.

Re:Time Machine

so it is simple to just get the version before the last update time.

And thats where the actual problem starts: How old will that first usable backup be* ? How much data that has been changed or added beyond that point in time will be lost forever ? How important is that data to you ?

Loosing 50 hours of playing time might be a near-death experience for a (hardcore?) gamer, but loosing a single week of financial data might be the death of a small company. And lets not even talk about people who use their computers to create stuff they sell (programmers, grahical artists, movie and music creators, you name it)

*the same is ofcourse true for all backup schemes, from a single backup each overwriting the previous one to using a "time machine" setup.

Re:Time Machine

[SilentChasm]

From the TorrentFreak article:

Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.

Re:Time Machine

And thats where the actual problem starts: How old will that first usable backup be

The way incremental backups like Time Machine work, the first usable backup would literally be the most recent version that wasn't encrypted by the ransomeware. Many, many versions will persist in the backup until you run out of space, at which point, the /oldest/ versions get removed.

So if you get pwned by some ransomeware, it's trivial to restore from TM or Crashplan or Backblaze or any of the other incremental backup tools/services.

Re:Time Machine

[sociocapitalist]

So, if you find your important file encrypted by ransomware, how difficult is it to just restore it from a Time Machine backup?

After all, once it was encrypted, you can use it anymore, so it is simple to just get the version before the last update time.

Timemachine is network attached storage and, as such, is reachable by the malware.

From the article: "...it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data."

Also, as the attack is over time you will be backing up encrypted files and if you don't have enough space on your time machine to keep backups for a looong time, you may end up with your entire set of backups encrypted.

Re:Time Machine

[AmiMoJo]

How are Time Machine backups protected? Viruses on Windows like to infect System Restore points on XP (Vista and above has better security). Hopefully Time Machine backups are encrypted and protected by access control.

Re:Time Machine

Timemachine is network attached storage...

How is my USB drive "network attached storage"? I don't think you fully understand what you are talking about, Time Machine does not require network attached storage, it's quite happy using direct atached storage.

Re:Time Machine

If they weren't encrypted before, they will be afterward.

Re:Time Machine

Yes, but if you look at your time capsule or w/e you're backing up to your time machine backups are a single large binary blob. So if the ransomware decided to encrypt that file, you'd be SOL as you couldn't access any of the time machine backups.

Re:Time Machine

[JamesKeane7745]

He's thinking of Time Capsule, a NAS built into a WiFi router, which identifies to Time Machine to make backups easier in a home network.

Re:Time Machine

[castionsosa]

Time Machine is the Mac's built in backup program. Time Capsule is Apple's firewall/switch/Wi-Fi AP/NAS which allows one to back up (using Time Machine) to it, optionally encrypted.

As an alternative to the Time Capsule, especially if one already has a wireless AP, switch, or router, and just needs a NAS, a Synology or QNAP device is cheaper, and can store more. A 3TB Time Capsule runs about $400. You can buy a Synology 216se for $150, add two WD Reds for about $100 each, and have the same functionality as the TC... except with RAID 1 [1].

One backup plan that I have been doing is having more than one NAS. My first NAS is where my shares are directly attached for backups of my desktop boxes. The second NAS doesn't interact with any machines other than the first NAS, and is where the first NAS pushes snapshots to. Synology's replication software (which does deduplicate) can keep up to 256 snapshots, space permitting, so if malware does zero out the NAS shares, those can be restored to a pre-calamity state, and files restored to desktops.

[1]: Technically Linux's MD-RAID.

Re:Time Machine

[castionsosa]

IIRC, Time Machine backups have an ACL, similar to what SELinux uses, to inhibit writing to TM backup disks. However, it may not be that difficult for software to override that, or just write to /dev/diskwhatever to zero out the backups.

Time Machine is best used with another backup program. Mozy comes to mind, or back up via TM to a NAS, and have the data stashed there, saved to another location via snapshots (either by an automated process like what Synology and QNAP offer), or just tar the NAS share, pipe it to a zbackup repository.

Re:Time Machine

[wootcat]

From what I read on the Palo Alto site, the ransomware is still under development and looks like it will eventually encrypt TIme Machine, but that functionality is not active in this round.

What we need

[subk]

is in-browser support for BitTorrent so there can be better trust.

Re: What we need

https://webtorrent.io/

Re:What we need

[castionsosa]

Opera has BitTorrent built in, but disabled by default. Not too hard to enable/use it.

The REAL Phantom Menace

And... err... Chewbacca lives on the planet Endor...

Chewbacca lives on Endor? Does he have a thing for the furry little Ewoks, or are they just food? Next you'll be telling us that Jar-Jar Binks is a Sith Lord!

Oh wait, perhaps he actually was meant to be that, but Lucas backed off because of the vitriol towards Binks. More info in link.
Even an interesting secondary thread on the name Bink name possibly referencing a Piers Anthony character.

Re:The REAL Phantom Menace

Its the Chewbacca defense! https://www.youtube.com/watch?v=xwdba9C2G14

Re:The REAL Phantom Menace

[stealth_finger]

And... err... Chewbacca lives on the planet Endor...

Chewbacca lives on Endor? Does he have a thing for the furry little Ewoks, or are they just food? Next you'll be telling us that Jar-Jar Binks is a Sith Lord! Oh wait, perhaps he actually was meant to be that, but Lucas backed off because of the vitriol towards Binks. More info in link. Even an interesting secondary thread on the name Bink name possibly referencing a Piers Anthony character.

That does not make sense! Why would Chewbaca, an 8ft tall Wookie from the planet Kashyyk wand to live on Endor with a bunch of 2ft tall fucking Ewoks? If Chewbaca lives on Endor you must acquit!

Re:The REAL Phantom Menace

Just think how much, much better Return of the Jedi would have been if instead of Ewoks, it was a wookie colony. 'effin' Lucas.

Re:The REAL Phantom Menace

Look on the bright side, at least he didn't swap Chewbacca for an Ewok with CGI.

Re:If I remember right transmission is also includ

In Linux Mint 13.

Yes: and so is the source code https://www.transmissionbt.com/about/ So if there is hacked version for Linux it will be a compiled binary without the source being available which is against the terms and conditions of Mint. The dev that released the app on the APPLE "APE STORE" must monkeyed around with the code and deserves to be black balled from the dev communities permanently. I can't say as I blame the folks at transmission.COM for not paying to release it on the APE STORE system. Don't sweat it the black hats like this prick don't go after Linux users 1. because by and large we know to look out for stupid alteration that do not include source. 2. We are mostly cheap assholes who thumb our noses at Apple and Mac users LOL. First rule of linux if the code 'aint available and easily verifiable don't use it.

expect this to get worse

as more users move away from windows 10 more focus will gather on the mac vulnerabilies

Re: expect this to get worse

Such as lack of decent high end graphics? What will they do? Download a better video card? Overclock the low end piece of crap which can't be prised from the mac casing without a jackhammer? Patch the macos so it performs better than directx? (If so: bastards! How dare you hack us!)

Error

This news must be wrong. There are no viruses for Macs.

2.84..updated?

[techtech]

Hi, I have two computers.

I remember I saw that "improved compatibilty with modern OS X" and pressed install update..., but I can not remember which one or even both. After checking this machines Transmission, it is still 2.84

And I when reading this, I actually catched an uber to get to my other office to check what was going on there. ... but that also had 2.84, so it seems that the 2.9 update was unsuccessful on both computer / or one of them...

so then all safe? or is it masking itself as an older version or something.

Re:2.84..updated?

Just follow the instructions to check if your machines are infected, there's plenty of information from the guys at palo alto:

  http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/

Re:2.84..updated?

[666999]

Downloaded newest version (v2.92) from their site, installed, still shows as v2.84

But in the app's About window it shows the correct version number. Strange.

Re:If I remember right transmission is also includ

Transmission is a pretty lightweight and nice torrent client, with the core separated from the GUI, the latter varies a lot between the GTK and the mac version.
It's also written in C and with few dependencies, which makes compilation for embedded architectures easy.

Apparently didn't affect auto updates.

[bkk_diesel]

According to a comment at MacRumors, the malware only infected software downloaded from the website, not software updated through the updater mechanism.

Re:If I remember right transmission is also includ

I prefer deluge's UI. Transmission misses some important features. Although for the life of me I don't understand why they had to complicate deluged so much. Yes, I'm sure there is going to be that one guy who needs to run it as a server/thin client app, and it's great that that's supported. I've even set it up correctly once before. But halfway through doing that again I decided it was completely not worth the trouble to be able to manage torrents from the command line. ssh -X deluge-gtk; done.

What is this backup

[future+assassin]

you speak off?

Time Machine safe, for now

[GlobalEcho]

From the technical analysis section of the research document

In addition to this behavior, it seems like KeRanger is still under development. There are some apparent functions named “_create_tcp_socket”, “_execute_cmd” and “_encrypt_timemachine”. Some of them have been finished but are not used in current samples. Our analysis suggests the attacker may be trying to develop backdoor functionality and encrypt Time Machine backup files as well. If these backup files are encrypted, victims would not be able to recover their damaged files using Time Machine.

So it would appear that Time Machine's current design keeps it's data safe -- for now -- from having one's online backups encrypted. As others have pointed out, that's not likely to last and offline backups are a *very* good idea.

wtf is transmission?

try Vuse

Re:If I remember right transmission is also includ

[Trax3001BBS]

Transmission started on the Mac. You really think that a couple $k for tools is a big deal to those with a job?

TL;DR: Geez Louise, cuntcheese, if you don't know what you're talking about...don't say it!

Just hits me as a tad odd that a program supplied as a default Linux program - that does the same thing, shares the same name, and not hit a copyright wall; so suspect as an update.

Re:If I remember right transmission is also includ

[Trax3001BBS]

Transmission started on the Mac. You really think that a couple $k for tools is a big deal to those with a job?

TL;DR: Geez Louise, cuntcheese, if you don't know what you're talking about...don't say it!

Just hits me as a tad odd that a program supplied as a default Linux program - that does the same thing, shares the same name, and not hit a copyright wall; so suspect as an update.

All said and done it would appear my concerns a non issue. I just came across Transmission included in the excellent program "Portable Apps" https://sourceforge.net/projec... . Not as isolated as I tended to believe; many checks and balances.

Just another sourceforge download

But seriously , this is why open source software needs open distribution