If you’re a Mac user who downloads files using the torrent software called “Transmission,” you may want to check your machine for signs of infection. It was recently discovered that a malicious copy of the torrent software had found its way onto Transmission’s website, which is where most people go to download the client.
As soon as the rogue copy of the software was discovered, it was removed, so if you go back to the site and re-download today, you should be fine. However, at a minimum, you’ll want to delete your current copy and scan your computer for viruses just to be sure you haven’t been impacted.
Unfortunately, this is not the first time the company’s website has been impacted in this manner. Several months ago, in another eerily similar incident, the Transmission website’s software was infected with Mac-based ransomware called KeRanger, which encrypted all of a user’s files, and demanded a payment in BitCoins to get the unlock code.
This infection, while not as initially damaging, is similar. The malware it installs is called OSX/Keydnap, which has been designed to steal passwords and leave a back door open on your computer that allows the hacker controlling the software to gain admin-level access.
ESET, the security company that found the malware on Transmission’s site, noted the remarkable similarities between the two instances of malware. While they are functionally different, the similarities in the code led researchers at ESET to conclude that they were likely developed by the same person or group.
Transmission has reported that they are investigating the incident, but has released no additional information. As a user, the best thing you can do here is be vigilant. If you’re a user, delete your current version, scan your system, get the latest install and then re-scan just to be safe.