Transmission OS X BitTorrent client infected again!

ESET researchers found another malware inside Transmission BitTorrent client, which was available from their official website.

First time the client was infected, was back in March. This new malware’s name is Keydnap and it has a lot in common with the former KeRanger ransomware. ESET already reported this incident to Apple.

Who got infected?

According to ESET, anyone who downloaded Transmission v2.92 between August 28th and August 29th, 2016 should check for the below files on their system :

  • /Applications/Transmission.app/Contents/Resources/License.rtf
  • /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
  • $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
  • /Library/Application Support/com.apple.iCloud.sync.daemon/
  • $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

If any of the above directories or files exists, you are infected.


Leave a Reply

Your email address will not be published. Required fields are marked *