
A functional ransomware "virus" has arrived on the Mac for the first time ever. This infection works by encrypting the user's data; the user then has to pay a "ransom" to the attackers to get the data back. Payment is usually demanded in bitcoins, which are a guarantee of untraceability for the attackers. The source of the infection was version 2.90 of Transmission, an open-source client for the BitTorrent network.

The unpleasant fact is that a malicious piece of code, detected as OSX.KeRanger.A, made its way directly into the official installation package. The installer was thus signed with a valid developer certificate and so managed to bypass Gatekeeper, the otherwise reliable system protection of OS X.

After that, nothing prevented the creation of the necessary files, the locking of the user's files, and the establishment of communication between the infected computer and the attackers' servers via the Tor network. Users were also directed to a Tor site to pay a fee of one bitcoin to unlock their files; one bitcoin is currently worth $400.

It is worth noting, however, that the user's data is not encrypted until up to three days after the package is installed. Until then there is no sign of the infection; it can be detected only in Activity Monitor, where a process labeled "kernel_service" is running on an infected machine. To check for the malware, also look for the following files on your Mac (if you find them, your Mac is probably infected):

/Applications/Transmission.app/Contents/Resources/General.rtf

/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf

Apple's reaction did not take long: the developer certificate has already been revoked, so a user who now tries to run the infected installer is strongly warned about the possible risk. The XProtect antivirus system has also been updated. The Transmission website also responded to the threat, posting a warning about the need to update the torrent client to version 2.92, which fixes the problem and removes the malware from OS X. However, the malicious installer was still available for almost 48 hours, from March 4 to 5.

For users who thought of solving this problem by restoring data from Time Machine, the bad news is that KeRanger, as the ransomware is called, also attacks backed-up files. That said, users who installed the offending installer should be safe once they install the latest version of Transmission from the project website.
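As an added example (not code from the original article or from the Transmission project), here is a read-only shell check for the indicators described above: the two General.rtf paths, a running process named kernel_service, and an installed Transmission version older than the fixed 2.92. It assumes the macOS commands it uses (ps, defaults, and the CFBundleShortVersionString key in Transmission's Info.plist) are available on the Mac being checked.

```shell
#!/bin/sh
# Added example, not from the original article: a read-only check for the
# KeRanger indicators the article names (the two General.rtf paths, a process
# called kernel_service, and a Transmission version older than the fixed 2.92).

# Print every indicator path that exists; return 0 if at least one exists.
check_indicator_files() {
    found=1
    for p in "$@"; do
        if [ -e "$p" ]; then
            echo "indicator file present: $p"
            found=0
        fi
    done
    return $found
}

# $1 is a newline-separated list of process names, $2 the name to look for.
# Whole-line match only, so the legitimate macOS kernel_task never matches.
check_process_list() {
    printf '%s\n' "$1" | grep -qx -- "$2"
}

# Return 0 if the Transmission version in $1 (e.g. "2.90") is older than 2.92.
transmission_needs_update() {
    v=$1
    maj=${v%%.*}
    case $v in *.*) min=${v#*.}; min=${min%%.*} ;; *) min=0 ;; esac
    [ "$maj" -lt 2 ] || { [ "$maj" -eq 2 ] && [ "$min" -lt 92 ]; }
}

# Run all three checks against the live system (macOS-only commands).
run_live_check() {
    check_indicator_files \
        /Applications/Transmission.app/Contents/Resources/General.rtf \
        /Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf
    check_process_list "$(ps -A -c -o comm=)" kernel_service \
        && echo "kernel_service process is running"
    ver=$(defaults read /Applications/Transmission.app/Contents/Info \
          CFBundleShortVersionString 2>/dev/null)
    if [ -n "$ver" ] && transmission_needs_update "$ver"; then
        echo "Transmission $ver installed; update to 2.92 or later"
    fi
}

# Only touch the live system on a Mac; elsewhere the functions are just defined.
if [ "$(uname)" = Darwin ]; then run_live_check; fi
```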

Source: 9to5Mac