![bittorrent transmission 2.92 bittorrent transmission 2.92](https://www.intego.com/mac-security-blog/wp-content/uploads/2016/08/codesign.png)
Actually ran the booby-trapped Transmission app you downloaded.
![bittorrent transmission 2.92 bittorrent transmission 2.92](https://img-cdn.tnwcdn.com/image?fit=1200%2C1200&height=1200&url=https%3A%2F%2Fcdn0.tnwcdn.com%2Fwp-content%2Fblogs.dir%2F1%2Ffiles%2F2016%2F03%2FTransmission.jpg)
![bittorrent transmission 2.92 bittorrent transmission 2.92](https://www.ghacks.net/wp-content/uploads/2016/03/transmission-options.png)
So, don’t forget that even though the credential-grabbing part of OSX/PWSSync-B is bad enough on its own…
Calls home to download additional scripts to run.

As an aside, don’t forget that before ransomware grabbed the headlines, with its laser-like focus on scrambling your data quickly to provoke prompt payment, most malware included a zombie or bot component like the third item above.
![bittorrent transmission 2.92 bittorrent transmission 2.92](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2016/09/trans-1200.jpg)
It’s actually an OS X executable (program file) that:
The file License.rtf sounds innocent enough – what software doesn’t include a licensing document somewhere? – and opening it seems equally reasonable.

Except that this License isn’t what it seems.
To have the official distribution of your Mac software hacked to include malware once may be regarded as a misfortune; to have it happen twice looks like carelessness.

The first time it happened to popular BitTorrent client Transmission was back in March 2016.

For a short while, the Mac version of Transmission 2.90 on the official download site was a not-so-official version that had some secret sauce of its own: OS X ransomware called OSX/KeRanger-A.

This time, for less than 24 hours on 28 August 2016 and 29 August 2016, a bogus version of Transmission 2.92 was uploaded that contained malware known as OSX/PWSSync-B.

Ironically, the main feature added when 2.92 was released, and the main reason you might have updated, was a malware removal utility for KeRanger, in case you had a leftover infection from the hacked 2.90 version.

PWS, by the way, is short for password stealer, so you can guess the primary function of the malware; it is also known as “Keydnap”, a name that explains itself (say it out loud quickly).

The hack that was applied to the Transmission app this time is very similar to the previous attack.

The hacked Transmission program itself contains only a tiny change: a small snippet of code added at the start that loads a file called License.rtf that is packaged into the application bundle.

Transmission’s hacked startup code loads License.rtf from the Resources subdirectory. (Last time, the sneaky extra file was General.rtf.)

Thanks to Xinran Wu of SophosLabs for his behind-the-scenes work on this article.