Slashdot Mirror


Transmission Malware On Mac, Strike 2 (macrumors.com)

New reader puenktli writes: Just five months after Transmission was infected with the first 'ransomware' ever found on the Mac, the popular BitTorrent client is again at the center of newly uncovered OS X malware. Researchers at security website We Live Security have discovered the malware, called OSX/Keydnap, was spread through a recompiled version of Transmission temporarily distributed through the client's official website. OSX/Keydnap executes itself in a similar manner as the previous Transmission ransomware KeRanger, by adding a malicious block of code to the main function of the app, according to the researchers. Likewise, they said a legitimate code signing key was used to sign the malicious Transmission app, different from the legitimate Transmission certificate, but still signed by Apple and thereby able to bypass Gatekeeper on OS X.


  1. Re:Gee.. I wonder why. by Anonymous Coward · Score: 3, Interesting

    I think it's more of a case of a "hacker" going down through the list of "Most popular Mac OS applications", and finding that number X (in this case, Transmission) had a good popularity to ease of hacking ratio. That is, it was easy to hack and popular enough to be a good infection vector.

    If number X-1 was easier to hack, it would've been that one instead.

    I don't believe that anyone would target Transmission specifically because it is a BitTorrent client, since there are a whole bunch of other clients (I use Deluge on Linux) and those haven't been hacked yet, popular or not. And if their intention was to disrupt BitTorrent, then why would they target Mac OS? Targeting Windows would be far more damaging (more users).

    So, tl;dr, I don't think there's any conspiracy going on. The developers of Transmission are just crap at security.