Transmission 2.90 Infected with First Known OSX Ransomware

Accepted submission by Anonymous Coward at 2016-03-06 21:30:25
Security

Following closely upon the hacking of the Linux Mint [soylentnews.org] website, the developers of the Transmission [transmissionbt.com] BitTorrent client have announced [transmissionbt.com] that last week's 2.90 release was infected by a new form of OSX malware, OSX.KeRanger.A [paloaltonetworks.com] (or "KeyRanger" as 9to5mac [9to5mac.com] is calling it).

The payload appears to be the first OSX ransomware discovered in the wild. If it works, OSX.KeRanger.A should begin encrypting infected users' files on Monday, March 7. The malware seems to have been included only in downloads from the developers' website, while Transmission's internal update function (using the Sparkle framework) seems to have delivered clean updates. The developers have released two updates (2.91 [transmissionbt.com] and 2.92 [transmissionbt.com]) in the past twenty-four hours to remove the infection.

Those who use Transmission on OSX should check for the following on their systems:

  • a process called kernel_service running
  • a file Contents/Resources/General.rtf inside the Transmission.app directory
  • any of the following files in the /Library/ directory: .kernel_pid, .kernel_time, .kernel_complete or kernel_service
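
The three checks above can be run as one script. This is an added example, not code from the Transmission developers or from the original submission; the function names are hypothetical, the default bundle path /Applications/Transmission.app is an assumption, and the Library directory defaults to /Library as named in the list.

```sh
#!/bin/sh
# Added example: checks for the three KeRanger indicators listed above.

# Print every indicator file that exists. $1 = Transmission.app path, $2 = Library dir.
keranger_file_hits() {
    app=$1
    lib=$2
    if [ -e "$app/Contents/Resources/General.rtf" ]; then
        printf '%s\n' "$app/Contents/Resources/General.rtf"
    fi
    for name in .kernel_pid .kernel_time .kernel_complete kernel_service; do
        if [ -e "$lib/$name" ]; then
            printf '%s\n' "$lib/$name"
        fi
    done
    return 0
}

# Read a process listing on stdin (one command or path per line); succeed only
# if some entry's basename is exactly kernel_service.
has_kernel_service() {
    awk -F/ '{ name = $NF; sub(/[ \t]+$/, "", name) }
             name == "kernel_service" { found = 1 }
             END { exit !found }'
}

# Report all indicators; return 1 if any were found, 0 otherwise.
# Defaults are assumptions: standard install path, and /Library as named above.
keranger_scan() {
    app_path=${1:-/Applications/Transmission.app}
    lib_dir=${2:-/Library}
    found=0
    if ps -A -o comm= 2>/dev/null | has_kernel_service; then
        echo "INDICATOR: process kernel_service is running"
        found=1
    fi
    hits=$(keranger_file_hits "$app_path" "$lib_dir")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/INDICATOR: file /'
        found=1
    fi
    [ "$found" -eq 0 ] && echo "No KeRanger indicators found"
    return "$found"
}

keranger_scan "$@" || true
```

Pass the bundle path and the Library directory as the first and second arguments if Transmission is installed somewhere other than the assumed default.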
