Mac Ransomware spread via Transmission Client

Discussion in 'malware problems & news' started by Secondmineboy, Mar 6, 2016.

  1. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    83
    Location:
    Germany
    http://9to5mac.com/2016/03/06/first...ciously-encrypt-hard-drives-on-infected-macs/

    I can encourage every Mac user to look at these free tools: https://objective-see.com/products.html
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    Wait.... don't Macs install apps from trusted repos like Linux does? Or is that done only on iOS?
     
  3. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    83
    Location:
    Germany
    Well, all apps with a valid dev certificate are allowed to run through Gatekeeper, and in this case the certificate from Transmission seems to have been misused in some way.

    And also, if you download an app, no matter what, you'll get prompted that the file was downloaded online and asked if you really want to run it.

    BUT in this case I guess (I don't use Transmission) the in-program updater may have been used, and in that case no security features of OSX seem to catch this malware that has been downloaded together with the app update.
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,966
    Location:
    Brasil
    That could be the case, although I remember seeing a thread here that showed how easy it is to spoof Apple's certificate check.

    Yeah, that is the problem with not using repositories (Windows and Mac), because regular users will run the files anyway hehehhehe
     
  5. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    83
    Location:
    Germany
    But I can tell that Apple hired some good people, like the developer of Edward Snowden's most used chat app and some of the devs of the Thunderstrike malware/exploit as well, to beef up OSX's security a lot, I hope :)
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
     
  7. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    83
    Location:
    Germany
    It's nice to see that both Apple as well as Transmission's staff reacted so fast to not let this escalate to a much bigger scale.

    But we will see much more like this really soon.
     
  8. Secondmineboy

    Secondmineboy Registered Member

    Joined:
    Jan 1, 2016
    Posts:
    83
    Location:
    Germany
  9. AutoCascade

    AutoCascade Registered Member

    Joined:
    Feb 16, 2014
    Posts:
    624
    Location:
    United States
  10. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,270
    Location:
    England
    http://news.softpedia.com/news/kera...ly-linux-encoder-ported-for-macs-501507.shtml

     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,238
    There is the Mac App Store, but you don't have to use it. You can also download apps with your browser.
     