3. First Mac-targeting ransomware hits Transmission users, researchers say. Rogue c...

First Mac-targeting ransomware hits Transmission users, researchers say. Rogue copy of BitTorrent client results in KeRanger install, which demands 1 bitcoin.

It affects only a subset of Transmission users who downloaded a corrupted version of the app. It's since been fixed.

Somehow (news still breaking), Transmission lost control of their Certification, allowing ransomware jerks to slip their version in.

I believe from Transmission's web site. I believe the auto update version was safe. Auto update to latest version now.

Technical analysis, including How To Protect Yourself section, is here. It's towards end of article.

Text copied/pasted here, but click-thru recommended.

We suggest users take the following steps to identify and remove KeRanger holds their files for ransom:

  1. Using either Terminal or Finder, check whether /Applications/Transmission.app/Contents/Resources/ General.rtf or /Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf exist. If any of these exist, the Transmission application is infected and we suggest deleting this version of Transmission.

  2. Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users/<username>/Library/kernel_service” (Figure 12). If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.

  3. After these steps, we also recommend users check whether the files “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” existing in ~/Library directory. If so, you should delete them.

/r/apple Thread Link - arstechnica.com
Previous
Next

Recently removed from /r/apple

Apple Music Classical has been released Microsoft Wants to Launch Xbox Games Store on iPhone What's the appeal of Apple? Apple is finally removing scam authenticator apps ! Great news. Apple retail employees testing 'Buy Now, Pay Later' service Daily Advice Thread - February 01, 2023 Biden targets Apple in op-ed on Big Tech regulation, need for improved competition Tim Cook scheduled to meet with Republican lawmakers Would you like a better alarm clock? No, Apple is (almost certainly) not ruining their ANC with firmware updates Google Tensor G2 vs A15 benchmarks iPhone 14 Battery Capacities For All Four Models Revealed Ahead of Launch Samsung can’t stop talking about the iPhone 14, and it’s getting a little creepy Apple investors are being asked to vote against giving CEO Tim Cook his $98.7 million pay package for 2021 Apple investors are being asked to vote against giving CEO Tim Cook his $98.7 million pay package for 2021

More Random Comments

New MSP | Security Stack How has the trend towards a cashless society affected homeless people? What is the best model so far? I made a 24/7 AI GT advisor that sources answer from 14k Georgia Tech websites Texas Officials Would Rather Close Library Than Stock Books They Don’t Like Hvordan slår man op med en kæreste på en ordentlig måde What's holding you back (or held you back) from leaving teaching? This is like being hit by a drunk driver and becoming crippled for life. Debating accepting ETA What are signs someone is secretly racist? How is this being allowed Yet Another Rant About Matchmaking on r/MarvelSnap I'm also baffled baffled, I paid the suggested tip amount on a expensive order. Whoa!!!!!! I need dating advice on dating men. Men constantly reject me when it comes to dating. Is there something I'm doing wrong?