Transmission, the open source BitTorrent client, is one of the most widely used torrent clients on the Mac, and the recent compromises of its download site have raised eyebrows among many users.
The Mac build of the client has now been used to serve malware twice in five months (the first time with the KeRanger ransomware in March 2016), and the chances are that the attackers got in the same way they did last time.
According to researchers at ESET, this malware, dubbed OSX/Keydnap, is designed to dump the contents of the OS X keychain, steal the passwords stored there, and install a persistent backdoor so that the attackers keep access to the machine.
The malware was found in a build of the open source torrent client Transmission.
The trojanized build was hosted directly on the official Transmission website, without the knowledge of the Transmission team.
The team did not realize their site had been compromised until the researchers at ESET notified them.
According to the researchers, the Transmission team acknowledged that their server had been compromised. The good news is that measures have since been put in place to tighten its security.
The malware put the data of every user who downloaded the tainted build at risk, and many are grateful to ESET for bringing it to light.
What remains unclear is how the attackers got onto the Transmission site, and exactly when. The infection path for users, by contrast, is known: they were not infected through email attachments or downloads from untrusted websites, but by downloading the client from its official site.
The malicious build came through a trusted source and was signed with a legitimate Apple developer certificate, so Gatekeeper let it run without complaint. Gatekeeper only checks that an app carries a valid Developer ID signature; it does not check that the developer is the one you expect, which made bypassing it worryingly easy for the cybercriminals.
Users who downloaded Transmission from the website during the window in which the tainted build was live received the malware along with it.
As soon as ESET informed the Transmission team, they promptly removed the file from their server, but users who had already downloaded it were already infected.
The Transmission team reportedly removed the malicious file within minutes of being notified and launched an immediate investigation into how it found its way onto their official website.
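As an added example (this is not code from the article, from ESET, or from the Transmission project), the following shell helpers go one step beyond Gatekeeper's yes/no verdict: they verify the bundle's signature with `codesign` and then compare the signer's Team ID against the one you expect. The expected Team ID is an assumption you must supply from a copy of Transmission you already trust, and the script name `verify_signer.sh` is hypothetical. On a system without `codesign` only the output-parsing functions can be exercised.

```shell
#!/bin/sh
# Added example, not from the article or the Transmission project: Gatekeeper
# only asks whether an app carries a valid Developer ID signature, so it does
# not catch a build signed with someone else's legitimate certificate. These
# helpers read the signer's Team ID from codesign's output and compare it with
# the one you expect. The expected Team ID is an assumption you must supply:
# take it from a copy of Transmission you already trust.

# team_id_from_codesign_output
#   Reads `codesign -d --verbose=4` output on stdin and prints the
#   TeamIdentifier value (empty if the line is absent, i.e. unsigned).
team_id_from_codesign_output() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# signer_matches EXPECTED_TEAM_ID
#   Reads codesign output on stdin; returns 0 only if the Team ID equals
#   EXPECTED_TEAM_ID. Empty values and "not set" (what codesign prints for
#   ad hoc signatures) are always rejected.
signer_matches() {
    expected=$1
    actual=$(team_id_from_codesign_output)
    [ -n "$actual" ] && [ "$actual" != "not set" ] && [ "$actual" = "$expected" ]
}

# verify_app_signer APP EXPECTED_TEAM_ID
#   Verifies the bundle's signature with codesign and then checks the signer.
#   Requires macOS; returns 1 anywhere codesign is unavailable.
verify_app_signer() {
    app=$1
    expected=$2
    command -v codesign >/dev/null 2>&1 || { echo "codesign not available" >&2; return 1; }
    # --strict --deep rejects tampered, unsigned or partially signed bundles.
    codesign --verify --deep --strict "$app" 2>/dev/null \
        || { echo "signature invalid: $app" >&2; return 1; }
    # codesign writes its display output to stderr, hence 2>&1.
    if codesign -d --verbose=4 "$app" 2>&1 | signer_matches "$expected"; then
        echo "OK: $app is signed by Team ID $expected"
        return 0
    fi
    echo "MISMATCH: $app is validly signed, but not by Team ID $expected" >&2
    return 1
}

# Usage (hypothetical script name): sh verify_signer.sh /Applications/Transmission.app TEAMID1234
if [ $# -eq 2 ]; then
    verify_app_signer "$1" "$2"
fi
```

The point of the design is that a valid signature is necessary but not sufficient: the Keydnap build would have passed `codesign --verify`, and only the Team ID comparison would have flagged that it was not signed by the developer you expected.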
Recommendations by the ESET team
ESET advised anyone who downloaded Transmission 2.92 from the official site between August 28 and August 29, 2016 to check whether their system had been compromised.
If any of the following files or directories are present on your machine, the malware is most likely installed and running:
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
- $HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
- $HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
- /Library/Application Support/com.apple.iCloud.sync.daemon/
If any of these files or folders are present on your system, you can remove the malware with a trusted antivirus product; ESET's own product (ESET Cyber Security) detects and removes it.
ESET has also published a removal script on GitHub that can be run from the OS X Terminal. According to the researchers, users who do not take the recommended measures risk further data loss; since the backdoor targets the keychain, any credentials stored there should be treated as compromised and changed.
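As an added example (this is not ESET's removal script and not code from the Transmission project), here is a read-only check for the file indicators listed above. The home and root prefixes are parameters, an assumption made so the same function can be pointed at a mounted disk image or a test directory, and the script name `keydnap_check.sh` is hypothetical. The check only reports; removal is left to the ESET script or an antivirus product.

```shell
#!/bin/sh
# Added example: a read-only check for the Keydnap file indicators listed
# above. This is not ESET's removal script and not code from the Transmission
# project. The HOME and root prefixes are parameters (assumption) so the same
# function can be pointed at a mounted disk image or a test directory.

# keydnap_scan HOMEDIR ROOTDIR
#   Prints "FOUND: <path>" for every indicator that exists.
#   Returns 0 if at least one indicator is present, 1 if none is.
keydnap_scan() {
    home=$1
    root=$2
    # Indicators from the ESET advisory; quoted because the paths contain spaces.
    # `set --` inside a function only replaces the function's own arguments.
    set -- \
        "$home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd" \
        "$home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id" \
        "$home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist" \
        "$root/Library/Application Support/com.apple.iCloud.sync.daemon"
    found=1
    for p in "$@"; do
        if [ -e "$p" ]; then
            printf 'FOUND: %s\n' "$p"
            found=0
        fi
    done
    return $found
}

# keydnap_agent_loaded
#   Checks whether a launchd job whose label contains the LaunchAgent's name
#   is loaded for the current user (assumption: the label matches the plist
#   name). Only works on macOS; returns 1 anywhere launchctl is unavailable.
keydnap_agent_loaded() {
    command -v launchctl >/dev/null 2>&1 || return 1
    launchctl list 2>/dev/null | grep -q 'com.apple.iCloud.sync.daemon'
}

# Run against the live system with: sh keydnap_check.sh --run
if [ "${1:-}" = "--run" ]; then
    if keydnap_scan "$HOME" ""; then
        echo "Keydnap indicators present; see the removal advice above." >&2
        keydnap_agent_loaded && echo "The LaunchAgent is currently loaded." >&2
        exit 2
    fi
    echo "No Keydnap file indicators found."
fi
```

Running it with `--run` checks the current user's home directory and the system `/Library`; to check another user, pass that user's home directory to `keydnap_scan` directly. A positive result from the file check is more reliable than the launchd check alone, because the agent may already have been unloaded by a reboot or a partial cleanup while the files remain.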
The Transmission team has published a detailed guide for anyone concerned about the infection, and says it is working to minimize the chance of this happening again.
The team also made clear that only the OS X version was affected; Transmission builds for other platforms were not.
Transmission users have good reason to pause: this is the second time in five months that the client's download has been used to deliver malware, and nobody wants to hand their sensitive data to cybercriminals.
Nevertheless, the Transmission team has promised its users that measures are in place to protect them from further attacks.