On Sunday, security researchers revealed the first successful ransomware campaign to target Macs.
"On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted," wrote security firm Palo Alto Networks in a blog post over the weekend. The researchers named the ransomware "KeRanger" and claims that this is "the first fully functional ransomware seen on the OS X platform." When users downloaded version 2.90 of Transmission on Friday, their Macs were infected. "Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4," explained the researchers. "The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple's Gatekeeper protection." KeRanger is programmed to stay quiet for three days, then start encrypting files and demanding a ransom of 1 bitcoin, or roughly $400. Users affected by KeRanger could start losing access to their data on Monday.
Following Palo Alto Network's report on the malware, Transmission removed the malicious version of its software and released a version it says will remove the ransomware from infected devices. "Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file," reads a notice on Transmission's website. Transmission ensures that version 2.92 will remove KeRanger from your computer. It added, "Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file."
Photo: © iStock.