The first known case of ransomware on OS X has been spotted in torrent client Transmission, which has millions of users.
Ryan Olson, threat intelligence director at Palo Alto Networks claimed the ransomware which appeared on Friday 4 March, came attached to the torrent client app, Transmission.
KeRanger embeds itself in the victim's Mac and encrypts the hard drive. Victims are being asked to pay 1 Bitcoin to regain access to their data. The malware imposes a lockout window of 72 hours unless payment is made.
Researchers believe that the attackers were able to hack the Transmission website since it was served through HTTP instead of HTTPS. Once informed of the ransomware on 4 March, Apple moved quickly to control it by revoking the certificate it uses and making it so the infected app will no longer install.
Transmission posted this message on its website: "Everyone running [version] 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file."
As of now KeRanger has only been found in the Transmission app, but over time if it becomes widespread, the malware could additionally affect other common Mac apps.