Transmission’s Website Abused to Deliver Mac OS X Malware

The popular BitTorrent client Transmission, which is widely used on Microsoft Windows, GNU/Linux and Mac OS X, has experienced a security issue with its website. Cyber criminals have abused the site to deliver Mac OS X malware.

Transmission’s Site Once Again Hacked with Malware

Transmission’s site was hacked by criminals, and the compromised site delivered the BitTorrent client together with malware that targeted Mac OS X users. According to security researchers, this occurred between August 28 and 29 and affected version 2.92 of the program.

The delivered malware is known as OSX/Keydnap. It can be used to steal the OS X keychain and to create backdoors on the victim system for remote access. The last attack against the site happened in March, when ransomware targeting Linux users was distributed.

All traces of Keydnap have been removed by Transmission’s staff, and they have issued a statement on their website. According to the team, the infected files were removed from the servers immediately after the issue was detected. To help prevent future incidents, the whole website and all binary files have been moved to GitHub. The binaries will be stored in a separate repository from the site for added security. An investigation is ongoing to find out how the criminals breached the site’s security measures.

Concerned Mac OS X users can investigate if they have been infected with the malware by checking for the presence of these files and/or directories on their system:

/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
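
The check described above can be scripted. The following is an added example, not part of the original article or of Transmission’s statement; the function name keydnap_scan, its ROOT prefix argument, the --scan flag and the file name keydnap_check.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: presence check for the Keydnap file indicators listed above.
# keydnap_scan ROOT HOME_DIR
#   ROOT     prefix prepended to every path ("" for the running system, a
#            mount point or test tree otherwise). Hypothetical parameter,
#            added so the check can run against any directory tree.
#   HOME_DIR home directory of the user to check (e.g. "$HOME").
# Prints each indicator that exists; returns 0 if any was found, 1 if none.
keydnap_scan() {
    root=$1
    home=$2
    hits=0
    # Paths contain spaces, so read whole lines instead of word-splitting.
    while IFS= read -r ioc; do
        if [ -e "$root$ioc" ]; then
            printf 'FOUND: %s\n' "$root$ioc"
            hits=$((hits + 1))
        fi
    done <<EOF
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$home/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
    [ "$hits" -gt 0 ]
}

# Check the live system only when asked: sh keydnap_check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    if keydnap_scan "" "$HOME"; then
        echo "Keydnap file indicators present." >&2
        exit 1
    fi
    echo "No Keydnap file indicators found."
fi
```

The $HOME entries cover only one account, so on a shared Mac the function has to be called once per user home directory.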

Most anti-virus products have updated definitions and can handle the threat. The latest iteration of the Keydnap malware is from July, and the distributed code is not an updated version of it.

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
