
OSX/Keydnap distributed through Transmission app, M.O. similar to KeRanger

Mac users who downloaded Transmission v2.92 between August 28 and 29 should check whether their systems were compromised by OSX/Keydnap, ESET researchers advised in a We Live Security blog post Tuesday.

OSX/Keydnap was “spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website,” they wrote.

ESET notified the Transmission team, and “literally minutes after,” the malicious file was removed from the web server and a probe ensued. The researchers, who noted that “the malicious disk image was named Transmission2.92.dmg while the legitimate one is Transmission-2.92.dmg,” list several files and directories that users should look for to determine whether Keydnap is likely running.

The distribution technique of the malware is similar to that of KeRanger, with “a malicious block of code…added to the main function of the Transmission application,” the researchers wrote. “The code responsible for dropping and running the malicious payload is astonishingly the same.”
