Ransomware on OS X, momentarily

Posted: Mon Mar 07, 2016 11:44 am
by Stephen Hart
A recent update to popular BitTorrent client Transmission has been withdrawn and replaced because of malware included in the installer. Early downloads of the Transmission 2.90 client were infected with a ransomware package which has been dubbed "KeRanger" by the security researchers at Palo Alto Networks. KeRanger is the first functional malware of its kind on OS X.
If installed, the package waits for three days before contacting command and control servers through Tor, sending the Mac model number and UUID, which are probably used to derive an encryption key. Following successful communication with the control server, the malware starts encrypting documents stored on the host system.
http://www.macnn.com/articles/16/03/06/ ... an.132889/

Note that a major hospital got stung by ransomware recently, and paid the ransom.
Note also that this was a client app for a file-sharing service.