Date: Wednesday, August 31st, 2016, 05:27
Category: macOS, News, security, Software
The malware beast raises its head once again.
Transmission, a popular BitTorrent client, has been discovered to once again be distributing Mac-based malware under version 2.92, months after it was used to spread a strand of ransomware.
Researchers at security firm ESET have been following a malware called OSX/Keydnap, which can steal passwords, and noticed that it was spreading through Transmission’s official site.
As of now, a version of Transmission containing the malware is in the wild according to ESET.
Fortunately, Transmission has already removed the download, but users who downloaded the client between this past Sunday and Monday should check for signs that their Mac has been comprised.
In addition to stealing credentials, the Keydnap malware functions as a backdoor program that can allow the hacker to execute remote commands on the Mac, including file downloads.
ESET covered the malware strain in July, although the security firm admitted it didn’t know how it was being spread. “It could be through attachments in spam messages, downloads from untrusted websites, or something else,” the company said at the time.
Transmission has yet to respond for comment, although the software was found earlier this year to be spreading a Mac-based ransomware called KeRanger.
ESET noted the similarities between the two attacks.
“In both cases, a malicious block of code is added to the main function of the Transmission application,” ESET said. “The code responsible for dropping and running the malicious payload is astonishingly the same.”
Like KeRanger, the Keydnap malware was also spread through a Transmission client that was signed with a legitimate Apple developer’s certificate. This can help it bypass Apple’s malware detecting feature Gatekeeper.
ESET stated that it had already notified Apple regarding the compromised developer certificate. The security firm’s products will also detect and remove the Keydnap malware.
As always, stay tuned for additional details as they become available.