    Macs the safer choice? Popular BitTorrent Client Transmission Gets Infected With Malware AGAIN

    Editor
    Second time this has happened now, and I know those who use a Mac and BitTorrent tend to use Transmission as their client.

    The malware, dubbed OSX/Keydnap, is pretty nasty. It’s designed to steal the contents of the OS X system keychain and maintain a permanent backdoor. And for a few hours, that malware found its way into the popular Mac BitTorrent client, Transmission.

    The good news is that “within minutes” of being notified that a rogue version of Transmission was discovered, the Transmission team removed the file from its web server. The bad news is that it’s unclear how long the rogue version of Transmission was available or how many people could have downloaded the file.

    Is your Mac infected? Check using the details in the first post.

    2 Comments

    Original Poster Editor

    The malware-infected version of Transmission has a digital signature of Aug. 28, so ESET is advising anyone who downloaded Transmission 2.92 between Aug. 28-29 that their systems might be compromised.

    Good news is this didn't fall into update chains, and Transmission hasn't had an update in quite a while, so this may only affect you if you downloaded it within the above timeframe. However, if you think you might be affected, check for the existence of any of these files or directories:

    /Applications/Transmission.app/Contents/Resources/License.rtf
    /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
    $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
    $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
    $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
    /Library/Application Support/com.apple.iCloud.sync.daemon/
    $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

    If you see this stuff, ESET says it means that the malicious version of Transmission was executed and that “Keydnap is most likely running.”

    If you’ve got OSX/Keydnap running on your system, you can remove it by either running a virus scan from a trusted antivirus app like Norton AntiVirus or ESET CyberSecurity. There is also a gist on GitHub that you can run via OS X’s terminal to delete the malware.

    Edited by: "msmyth" 31st Aug 2016
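
A way to run the file check described in the post above from Terminal, as an added example (not part of the original post, not ESET's tooling, and not the GitHub gist it mentions). The function name `keydnap_check` and its optional ROOT prefix argument, for inspecting a mounted backup instead of the live system, are assumptions of this example.

```shell
#!/bin/sh
# Added example: looks for the Keydnap file indicators listed in the post.
# keydnap_check [ROOT] [HOME_DIR]
#   ROOT      optional path prefix, e.g. a mounted backup volume (assumption)
#   HOME_DIR  home directory to inspect, defaults to $HOME
# Prints one "FOUND:" line per indicator present.
# Returns 0 when none exist, 1 when at least one does.
keydnap_check() {
    root="${1:-}"
    home="${2:-$HOME}"
    found=0
    # One path per line, because several of them contain spaces.
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        # -L also catches a dangling symlink left at an indicator path.
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf 'FOUND: %s\n' "$root$p"
            found=$((found + 1))
        fi
    done <<EOF
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$home/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
    [ "$found" -eq 0 ]
}

# Check the live system for the current user.
keydnap_check "" "${HOME:-/var/empty}" \
    || echo "Keydnap indicators present; see the FOUND lines above."
```

The check only covers the home directory it is given, so on a shared Mac it needs to be run once per user account.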

    Thanks for posting this