The torrent client is Transmission for Mac has detected a virus which steals Apple ID and passwords to your Bank accounts

Security experts found in the distribution of the popular torrent client Transmission for Mac malicious code. According to Cnews, hackers broke into the website of the developer and replaced safe the file is infected.

Transmission is a popular BitTorrent client, open source, designed for Mac. Intruders hacked the official resource Transmission, which extended the program, and implemented in the designed to download the official installation file of the malicious code.

The presence of malicious code in the distribution is detected, Eset. They notified the developers of the app, after which they deleted the malicious file and began an investigation.

In Eset say that in the installation file Transmission was integrated Trojan OSX/Keydnap. This malware steals passwords from keychain access macOS and provides the attackers ongoing access to the compromised system.

Eset analysts concluded that the spread of Trojan is through attachments in emails and apps downloaded from trusted sources. At that time it was not known that such application is the Transmission.

When the distribution of Transmission appeared to be malicious code, you cannot tell for sure. The last published version was signed on August 29, 2016. But, apparently, its distribution began later in the day, says Eset. The company strongly recommends anyone who downloaded the Transmission 2.92 in the period from 28 to 29 August 2016, check the system using antivirus.

The presence of the following files or directories would mean that the malicious code was in the system:

  • /Applications/Transmission.app/Contents/Resources/License.rtf
  • /Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
  • $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
  • $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
  • /Library/Application Support/com.apple.iCloud.sync.daemon/
  • $HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist

Also Eset recommend users to pay attention to the name of the installation file: the malicious file was spread under the name of Transmission2.92.dmg, while safe — Transmission-2.92.dmg.

Note that in March of this year in the distribution Transmission was detected the malicious code of ransomware OSX.KeRanger. He was introduced by the intruders in the app after the developers for the first time in two years released an update a torrent client.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *