Apple’s Mac operating system has been hit by the “first fully functional” ransomware threat via the Transmission BitTorrent client. According to Claud Xiao and Jin Chen of Palo Alto Networks, “attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4.” Once installed, the malware connected to a remote server via the Tor anonymizing service and it “begins encrypting certain types of document and data files on the system.” It then “demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files.” If you downloaded the app on Friday or Saturday, it’s recommended you download the 2.92 update to avoid being targeted by the ransomware. And here are steps to identify and remove the malware if it was installed.
Apple on the same day the threat was discovered revoked the signing certificate involved to prevent new installations of the infected version via the iOS-like GateKeeper signed-app security system. They also automatically distributed an OS X XProtect antivirus signature to flag or quarantine existing compromised downloads. With these measures up, those who try to open a known-infected version of the app will get a warning dialog box that notes “Transmission.app will damage your computer. You should move it to the Trash,” or “Transmission can’t be opened. You should eject the disk image.”
Source: Apple Insider