OSX/Keydnap distributed through Transmission app, M.O. similar to KeRanger
Users who downloaded Transmission v2.92 between August 28-29 should check to see if their systems were compromised by Keydnap malware.
Mac users who downloaded Transmission v2.92 between August 28-29 should check to see if their systems were compromised by OSX/Keydnap, ESET researchers advised in a We Live Security blog post Tuesday.
OSX/Keydnap was “spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website,” they wrote.
ESET notified the Transmission team and “literally minutes after” the malicious file was removed from the web server and a probe ensued. The researchers, who noted “the malicious disk image was named Transmission2.92.dmg while the legitimate one is Transmission-2.92.dmg,” list several files and directories that users should look for to verify the likelihood that Keydnap is running.
The distribution technique of the malware is similar to that of KeRanger, with “a malicious block of code…added to the main function of the Transmission application,” the researchers wrote. “The code responsible for dropping and running the malicious payload is astonishingly the same.”