A few months ago, we reported that Transmission, the celebrated BitTorrent client for OS X, was infected with the first ransomware documented for the Mac operating system, and was updated immediately thereafter to get rid of the problem.
Unfortunately, the open source software was attacked by cybercriminals again and inadvertently distributed another piece of malware to users through its latest version.
The ransomware was incorporated into a build of the app that, for a few days, was distributed through its own official website. Named OSX/Keydnap, it was discovered by the security website We Live Security and operates similarly to KeRanger, discovered months earlier.
As soon as it was notified of the issue, the Transmission development team removed the infected file from its website. They believe that the ransomware was only distributed on August 29th, and users who downloaded the app from the official website on that day are asked to check for the following files or folders on their system. If any are present, it is a sign that the Mac has been infected and should be cleaned or formatted:
- ~/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
- ~/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
- ~/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
- /Library/Application Support/com.apple.iCloud.sync.daemon/
- ~/Library/LaunchAgents/com.geticloud.icloud.photo.plist
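The check above can be scripted. The following is an added example, not code from the Transmission team or We Live Security; the function name `keydnap_scan` and its optional root-prefix argument (for checking a mounted backup or disk image instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the indicator paths listed above.
# keydnap_scan HOME_DIR [ROOT_PREFIX]
#   HOME_DIR     the user's home directory to inspect (e.g. "$HOME")
#   ROOT_PREFIX  hypothetical convenience: prefix for the system-wide
#                /Library path, empty for the live system
# Prints one "FOUND: <path>" line per indicator that exists.
# Exit status: 0 if none were found, 1 if at least one was found.
keydnap_scan() {
    home_dir=$1
    root=${2:-}
    found=0
    # Paths are copied from the list in the article. Four are per-user,
    # one is system-wide (checked without its trailing slash so that a
    # file or a directory of that name is reported).
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        # -L also catches a dangling symlink left at an indicator path.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf 'FOUND: %s\n' "$path"
            found=$((found + 1))
        fi
    done <<EOF
$home_dir/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$home_dir/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$home_dir/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
$root/Library/Application Support/com.apple.iCloud.sync.daemon
$home_dir/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
    [ "$found" -eq 0 ]
}

# Run only when the script is given arguments, e.g.:
#   sh keydnap_scan.sh "$HOME"
if [ "$#" -gt 0 ]; then
    keydnap_scan "$@"
fi
```

On a machine with several accounts, run it once per home directory, since four of the five paths are per-user.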
Just to clarify, existing users of the app, i.e. anyone who downloaded the software on any date before yesterday, need not worry: their versions of Transmission are perfectly clean.
Still, let us all be sadly aware: the Mac world is no longer the paradise of yesteryear.