BitTorrent client distributing Mac malware

Months earlier, the Transmission BitTorrent client was found distributing Mac-based ransomware. Michael Kan reports

Macworld

A popular BitTorrent client called Transmission has again been found distributing Mac-based malware, months after it was used to spread a strain of ransomware.

Researchers at security firm ESET have been following a malware called OSX/Keydnap, which can steal passwords, and noticed that it was spreading through Transmission’s official site.

Somehow, a version of the BitTorrent client containing the malware had been recently made available on the site, ESET said in a recent blog post. Transmission has already removed the download, but users who downloaded the client at the end of August should check for signs that their Mac has been compromised.

In addition to stealing credentials, the malware functions as a backdoor program that can allow the hacker to execute remote commands on the Mac, including file downloads.

ESET published details on the malware in July, but the security firm wasn’t sure how it was being spread. “It could be through attachments in spam messages, downloads from untrusted websites, or something else,” the company said at the time.

At the time of writing, Transmission was investigating the issue, according to ESET. However, earlier this year, the BitTorrent client was also found spreading a Mac-based ransomware called KeRanger.

Like KeRanger, the Keydnap malware was also spread through a Transmission client that was signed with a legitimate Apple developer’s certificate. This can help it bypass Gatekeeper, Apple’s malware-detecting feature.

While it isn’t clear why Transmission was distributing the malware, it’s possible the site may have been hacked, and a tainted version of the BitTorrent client then uploaded to it.

ESET has already notified Apple about the compromised developer certificate. The security firm’s products will also detect and remove the Keydnap malware.
