Reuters reports that the first Mac ransomware found in the wild has been discovered in version 2.90 of Transmission, the popular Mac BitTorrent client. Over the weekend, a notice appeared on Transmissionbt.com warning their users that the above version may have been infected with malware.
The notice read:
Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.
Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service”. If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”
Ransomware, one of the fastest growing threats in the cyber arena, encrypts data on an infected machine, and then typically requires users to pay a ransom in a hard-to-trace digital currency in order to receive an electronic “key” to allow users to once again access their data. This attack is the first time it has been seen on the Mac OS X operating system.
The ransomware is said to have a three day delay built-in before encrypting a user’s hard drive, so reports from affected users could begin to roll in as early as Monday. Transmission users who fear they may be infected can visit the Transmission website for instructions on how to tell if their Mac is infected.
Reuters reports Apple is aware of the issue, and has already revoked “a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs.”
(Via MacRumors)