Macs have been severely hit by a scary form of malware for the first time, found in the Transmission BitTorrent client released last week. The ransomware malware has been diagnosed in the infected devices will include ‘KeyRanger’ malware that will encrypt the users’ hard disk. It will take three days for the malware for activation and hijack the files on your device. This malware will then ask for payment to allow users to decrypt the files and access their date, which simply means, this type of ransomware program will hijacks data on your Macs until you pay ransom to the hackers who developed it.
According to Palo Alto Networks, this is the first known case of ransomware to affect Macs. Usually, they target Windows PCs. The hackers will ask for the ransom either in Bitcoin or another type of online currency.
Apple has already revoked the certificate that allows KeyRanger to work, so the malware should no longer install on your Mac now, but those that were already infected have no good, though.
Transmission has asked its users to install the latest version of the app, version 2.92 to remove the malware from your computer. The version 2.90 was the infected version, and updating to 2.92 should fix everything.
Palo Alto Networks suggests a few other methods to check for the presence of the malware. Their post also includes a lot more detail on the technical implementation of the virus, so check out their post for more information. The security researchers suggest checking for the existence of the file ‘/Applications/Transmission.app/Contents/Resources/General.rtf’ or ‘/Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf’. If this file exists, the Transmission app is likely infected. You can also check for the existence of “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” files in the ~/Library directory. Delete the files if they exist.