Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Transmission-contained 'KeRanger' ransomware downloaded 6,500 times

Transmission-contained 'KeRanger' ransomware downloaded 6,500 times
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Mar 7, 2016, 06:14 PM
 
The Transmission BitTorrent client developers have revealed more details about the malware-laden installer for its recent update. Following initial release, the developers claim that the main server hosting the download was attacked, with the compromised installer being substituted for the legitimate one at that time. However, the developers aren't commenting specifically on the avenue of attack on the server, beyond the end result of a disk image swap.

Transmission representative John Clay told Reuters and other venues that the new KeRanger ransomware package was downloaded about 6,500 times on Friday before the substitution was discovered. The package was coded to wait three days before contacting command and control servers through Tor, sending Mac model number, and UUID, which were probably used to derive an encryption key. Following successful communication with the control server, the malware would have started to encrypt documents stored on the host system, should it not have been removed in time or blocked by Apple's security measures put in place after the attack.

Documents encrypted by the malware were nearly every audio and video type, Microsoft documents, source code files, SQL databases, certificates, and compressed archives. Palo Alto noted that it also attempted to encrypt Time Machine backup files -- but without success. After completion, the malware informs the user that a ransom of one bitcoin must be paid to a specific address for decryption of the afflicted files.

Apple has since revoked the certificate of the developer who coded the malware, and blocked the malware from installation with a quiet security patch. Additionally, version 2.92 of Transmission automatically removes the ransomware binaries from an afflicted system.

Clay claims in today's statement that following the disk image swap "security on the server has since been increased." Additionally, he also told Reuters that the company is making "frequent contact" with both security researchers Palo Alto Networks, as well as Apple to further evaluate root causes and preventative measures, so such an attack doesn't happen again.
( Last edited by NewsPoster; Mar 16, 2016 at 05:45 AM. )
     
sunman42
Junior Member
Join Date: Nov 2011
Status: Offline
Reply With Quote
Mar 7, 2016, 06:17 PM
 
A moest proposal for the elimination of ransomware: ban all BitCoin transactions in the US. The federal government did the same, and enforces it, for offshore online gambling. Why not BitCoin, which exists only for (1) speculation, (2) drug and other black market transactions, and (3) ransomware?

What would we lose or fail to realize if all international financial transactions were monitorable?
     
DiabloConQueso
Grizzled Veteran
Join Date: Jun 2008
Status: Offline
Reply With Quote
Mar 7, 2016, 09:19 PM
 
I don't think you understand what BitCoin really is, because cold, hard cash can be and is used for speculation, drug and other black market transactions, and ransomware, so calling for the ban of a currency because of its potential (and actual) uses is hypocritical. Are you in support of banning cold, hard cash, too?

Also, you missed a perfect opportunity to lambast Bittorrent as an evil, piracy-enabling technology, as there are clearly no non-nefarious uses for it.

(I use both of these technologies on a semi-daily basis for 100% legitimate activities, as many others do as well)
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status: Offline
Reply With Quote
Mar 7, 2016, 10:02 PM
 
DCQ: Your point about BitCoin is quite valid, but while BitTorrent has legit uses, let's not kid ourselves about what its used for 90+ percent of the time.

This is not to say BT or other P2P distribution systems should be outlawed, but rather to say that most users should probably not involve themselves with the usual uses of such technology: it is also one of the leading distribution systems for malware, because the people using it for its typical purpose -- pirating things -- are not concerned with security, and often pay the price for that. It does not surprise me that the makers of a tool used mostly for illicit purposes were equally careless about their server security.
Charles Martin
MacNN Editor
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 04:08 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,