Transmission, a Bittorrent client for Mac, released a tainted copy of their software over the weekend (2.90,) which included a malicious ransomware payload called KeRanger that will wait for three days and then encrypt all the documents and pictures on the system with a key that you have to purchase in order to get your data back.
The company behind Transmission immediately issued a new release (2.92,) which includes code to remove KeRanger if it’s installed before it goes to work. So basically if you installed Transmission on Saturday grab the update or your files are going to get hit.
Once the files are encrypted you can pay $400 to get them back and help future generations of malware programmers develop worse software.
Palo Alto Networks tends to indicate that it may not be an infected copy of Transmission so much as a single document that was located inside the .DMG package that looks like an RTF but is actually a program.
The malicious software was live on Transmission’s website from 11am PST March 4, 2016 through 7pm March 5, 2016, and it appears the malicious software included was signed by a different developer.
The link to Palo Alto Networks above also contains how to locate if you’ve been infected, so if you use Transmission and are wondering, go ahead and check.
Currently backups should be fine, but they say there’s evidence in the code that they may be getting ready to scramble Time Machine backups.[Reuters]