
[Closed] "KeRanger" Apple Ransomware

Posts: 78470
Full Member
Topic starter
 
[#7693014]

One to be aware of if you're on an OSX machine.

http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/

Attackers infected two installers of Transmission [BitTotternt Client] version 2.90 with KeRanger on the morning of March 4.
...
The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.

Palo Alto Networks reported the ransomware issue to the Transmission Project and to Apple on March 4. Apple has since revoked the abused certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website. Palo Alto Networks has also updated URL filtering and Threat Prevention to stop KeRanger from impacting systems.


 
Posted : 07/03/2016 5:56 pm
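The write-up above turns on one detail: the installer carried a signature that was valid, just not the real developer's, so Gatekeeper let it through. The check a practitioner wants before installing a downloaded app is therefore not "is it signed?" but "is it signed by the developer I expect?". The following is an added example, not code from the forum post or from the Palo Alto write-up. It wraps Apple's `codesign` and `spctl` command-line tools and parses the `codesign -dvvv` report; the bundle path, Team ID and bundle identifier in it are placeholders rather than Transmission's real values, and the sample report text is constructed.

```python
"""Check a downloaded macOS app bundle's signature against the signer you expect.

Added example, not code from the forum post or from the Palo Alto write-up.
It runs Apple's `codesign` and `spctl` tools and parses their output. The
bundle path, Team ID and bundle identifier used below are placeholders, not
Transmission's real values.
"""
import subprocess
import sys
from typing import Dict, List

# Constructed sample of what `codesign -dvvv <bundle>` prints (to stderr).
# Field names are the real ones; every value is a placeholder.
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.placeholder
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=1234 flags=0x0(none) hashes=30+5 location=embedded
Signature size=8915
Authority=Developer ID Application: Example Corp (PLACEHOLDER1)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Mar 3, 2016 at 10:00:00 AM
Info.plist entries=25
TeamIdentifier=PLACEHOLDER1
Sealed Resources version=2 rules=12 files=100
"""


def parse_codesign_output(text: str) -> Dict[str, object]:
    """Split `key=value` lines into a dict. 'Authority' repeats once per
    certificate in the chain (leaf first), so it is collected as a list."""
    info: Dict[str, object] = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key.strip() == "Authority":
            info["Authority"].append(value.strip())
        else:
            info[key.strip()] = value.strip()
    return info


def signer_problems(info: Dict[str, object], expected_team_id: str,
                    expected_identifier: str) -> List[str]:
    """Return the ways the signature differs from what we expect (empty list = OK).

    A signature can be perfectly valid, and satisfy Gatekeeper, while belonging
    to the wrong developer; comparing the Team ID is what catches a re-signed
    bundle."""
    problems: List[str] = []
    if info.get("TeamIdentifier") != expected_team_id:
        problems.append(f"TeamIdentifier is {info.get('TeamIdentifier')!r}, "
                        f"expected {expected_team_id!r}")
    if info.get("Identifier") != expected_identifier:
        problems.append(f"bundle Identifier is {info.get('Identifier')!r}, "
                        f"expected {expected_identifier!r}")
    chain = info.get("Authority") or []
    leaf = chain[0] if chain else ""
    if not leaf.startswith("Developer ID Application:"):
        problems.append(f"leaf certificate is {leaf!r}, not a Developer ID "
                        "Application certificate")
    elif f"({expected_team_id})" not in leaf:
        problems.append("leaf certificate subject does not carry the expected Team ID")
    return problems


def codesign_details(bundle_path: str) -> str:
    """`codesign -dvvv` writes its report to stderr, not stdout."""
    return subprocess.run(["codesign", "-dvvv", bundle_path],
                          capture_output=True, text=True).stderr


def signature_intact(bundle_path: str) -> bool:
    """Does the bundle's content still match the hashes sealed in its signature?"""
    return subprocess.run(["codesign", "--verify", "--deep", "--strict", bundle_path],
                          capture_output=True).returncode == 0


def gatekeeper_accepts(bundle_path: str) -> bool:
    """Gatekeeper's own verdict; 'accepted' alone does not prove the right signer."""
    return subprocess.run(["spctl", "--assess", "--type", "execute", bundle_path],
                          capture_output=True).returncode == 0


if __name__ == "__main__":
    # Usage: python check_signer.py /Applications/Example.app TEAMID com.example.id
    bundle, team_id, identifier = sys.argv[1:4]
    print("signature intact:", signature_intact(bundle))
    print("gatekeeper accepts:", gatekeeper_accepts(bundle))
    for problem in signer_problems(parse_codesign_output(codesign_details(bundle)),
                                   team_id, identifier) or ["signer matches expectations"]:
        print("-", problem)
```

The expected Team ID has to come from somewhere other than the download itself (the developer's website or a previously installed, known-good copy), otherwise the comparison is circular. The tool wrappers only work on a Mac; the parsing and comparison run anywhere.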
Posts: 41848
Free Member
 

Transmission [BitTotternt Client]

Karma 😈


 
Posted : 07/03/2016 6:06 pm
Posts: 78470
Full Member
Topic starter
 

Ugh. Sorry, that was my typo, not theirs.

Quite an interesting story I thought. It's notable as the first 'real' armed Mac ransomware, but also noteworthy for the speed at which Apple killed it.


 
Posted : 07/03/2016 6:19 pm
 Drac
Posts: 50603
 

But Apple don't get viruses.


 
Posted : 07/03/2016 7:20 pm
Posts: 43955
Full Member
 

But Apple don't get viruses.

This.

It's obviously a troll.

Ban him!!


 
Posted : 07/03/2016 7:32 pm
Posts: 33970
Full Member
 

But Apple don't get viruses.

Has never been true, but the number of viruses around aimed at Macs is far fewer than other platforms. There used to be a worm that infected Photoshop documents, and it was a pita, but that was in the 90's on the old PowerPC machines.
The difference has been regarding permissions, which this one seems able to bypass. A mate told me about it, and I was totally ignorant of its existence, but then I never use torrents, while he regularly torrents very large amounts of Japanese animé.


 
Posted : 07/03/2016 8:21 pm
Posts: 0
Free Member
 

But Apple don't get viruses.

I thought only Mike Smith got to post hilarious stuff like that?

Japes aside, if you are a downloader of Linux distros, grab v2.92. It has a built-in removal tool. Also, if you had updated from within the app, so via the Sparkle framework, you're ok. But update anyway.


 
Posted : 07/03/2016 8:39 pm
Posts: 988
Full Member
 

My mate got stitched for ransomware on his laptop containing all of the family photos. Forked out a load of change to get it back.

He received copious abuse from his peers about having a decent backup routine...rather than a non-existent one...


 
Posted : 07/03/2016 9:33 pm
Posts: 0
Free Member
 

I only opened the thread to make a MWS joke but Bongo beat me to it.

Damn you, Mr Hoohaa...

*awaits Smith's arrival*



 
Posted : 07/03/2016 9:54 pm
Posts: 0
Free Member
 

Good quality sunglasses protect against any known iVirus. FACT.


 
Posted : 07/03/2016 10:16 pm
Posts: 0
Free Member
 

So as I understand it hackers infected a third party app (one used predominantly for copyright infringement and developed by a different bunch of "hackers") and if Mac users install that app it can do bad things? Somewhat different to the typical Windows virus which skirts in-built protections, no?


 
Posted : 07/03/2016 10:23 pm
Posts: 0
Free Member
 

No. FACT.


 
Posted : 07/03/2016 10:24 pm
Posts: 43955
Full Member
 

You got one Drac!


 
Posted : 07/03/2016 10:24 pm
Posts: 1470
Full Member
 

developed by a different bunch of "hackers"

I think that's pretty harsh on contributors to open source software.


 
Posted : 07/03/2016 10:33 pm
Posts: 0
Free Member
 


So as I understand it hackers infected a third party app (one used predominantly for copyright infringement and developed by a different bunch of "hackers") and if Mac users install that app it can do bad things? Somewhat different to the typical Windows virus which skirts in-built protections, no?

Yes and no. The ransomware circumvented Apple's built-in protection by operating on a forged security certificate. So using your vague qualifiers, then it is similar. If you tried to install the infected binary now, Apple would stop you as the malware's signature has been added to the XProtect service. These types of malware are more prevalent than the traditional viruses due to being more rewarding financially. This attack shows that what was mainly a Windows issue is soon going to be affecting OSX and Linux users. For example, Linux Mint recently got compromised:

http://m.theregister.co.uk/2016/02/21/linux_mint_hacked_malwareinfected_isos_linked_from_official_site/

Also, you spelled programmers as "hackers" for some reason.


 
Posted : 07/03/2016 10:38 pm
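The XProtect point above is a signature-based defence: it stops the known-bad binary, but only after Apple has seen it. The behaviour described in the opening post, documents and Time Machine backups being rewritten as ciphertext, is something a defender can also watch for directly, because encrypted output has near-maximal byte entropy while real documents do not. The following is an added example, not code from the thread or from the Palo Alto write-up, of that behavioural check over a directory; the four sample files it scans are constructed in a temporary directory. Because zip-based Office files, JPEGs and gzip archives are legitimately high-entropy, it judges those by the presence of the format's header rather than by entropy, which also catches the case where a compressed file has lost its header to encryption.

```python
"""Flag files that look as though a ransomware run has replaced them with ciphertext.

Added example, not code from the forum thread or the Palo Alto write-up. It is a
behavioural check that complements signature-based detection such as XProtect:
encrypted output has near-maximal byte entropy, while ordinary documents do not.
Compressed formats (zip-based Office files, JPEG, gzip) are legitimately
high-entropy, so for those the check looks for the format's header instead.
The sample files are constructed in a temporary directory.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path
from typing import List, Tuple

ENTROPY_THRESHOLD = 7.5  # bits per byte: ciphertext/random ~7.9+, prose ~4-5

# Formats whose valid contents are already high-entropy: judge these by header.
MAGIC_BY_SUFFIX = {
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG",
    ".gz": b"\x1f\x8b", ".pdf": b"%PDF",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0 for a constant input, 8 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path, sample_bytes: int = 65536) -> Tuple[str, float]:
    """Return ('suspicious' | 'ok', entropy) for one file, reading at most sample_bytes."""
    with path.open("rb") as fh:
        data = fh.read(sample_bytes)
    entropy = shannon_entropy(data)
    magic = MAGIC_BY_SUFFIX.get(path.suffix.lower())
    if magic is not None:
        # A .docx or .jpg that no longer starts with its own header has had its
        # contents overwritten; with the header intact its high entropy is expected.
        return ("ok" if data.startswith(magic) else "suspicious"), entropy
    return ("suspicious" if entropy >= ENTROPY_THRESHOLD else "ok"), entropy


def scan_directory(root: Path) -> List[Tuple[Path, float]]:
    """Walk root and return (path, entropy) for every file classified suspicious."""
    flagged = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        verdict, entropy = classify(path)
        if verdict == "suspicious":
            flagged.append((path, entropy))
    return flagged


def build_sample_tree(root: Path) -> None:
    """Constructed sample: two intact files and two that 'ransomware' has overwritten."""
    prose = ("Minutes of the March meeting. Attendance was good and the "
             "budget was approved without amendment.\n") * 40
    (root / "notes.txt").write_bytes(prose.encode())                     # intact text
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff" + os.urandom(2000))  # intact JPEG-like
    (root / "report.docx").write_bytes(os.urandom(3000))                 # header gone
    (root / "letter.txt").write_bytes(os.urandom(3000))                  # text turned to noise


def run_demo() -> List[str]:
    """Build the sample tree in a temp dir, scan it, and return the flagged file names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return [p.name for p, _ in scan_directory(root)]


if __name__ == "__main__":
    print("flagged:", run_demo())
```

Run as a one-off it is a post-incident triage aid; run periodically against a backup volume it gives an early signal that a backup set is being overwritten, which is the failure mode the opening post warns about. Expect false positives from encrypted containers and archives in formats not listed in `MAGIC_BY_SUFFIX`, so extend that table for the file types in your own environment.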