First Mac OS X ransomware found in the wild

News by Danielle Correa

The first known OS X ransomware has been spotted on OS X torrent client Transmission.

The first known case of ransomware on OS X has been spotted in torrent client Transmission, which has millions of users. 

Ryan Olson, threat intelligence director at Palo Alto Networks claimed the ransomware which appeared on Friday 4 March, came attached to the torrent client app, Transmission.

KeRanger embeds itself in the victim's Mac and encrypts the hard drive. Victims are being asked to pay 1 Bitcoin to regain access to their data. The malware imposes a lockout window of 72 hours unless payment is made.

Researchers believe that the attackers were able to hack the Transmission website since it was served through HTTP instead of HTTPS. Once informed of the ransomware on 4 March, Apple moved quickly to control it by revoking the certificate it uses and making it so the infected app will no longer install.

Transmission posted this message on its website: "Everyone running [version] 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file." 

As of now KeRanger has only been found in the Transmission app, but over time if it becomes widespread, the malware could additionally affect other common Mac apps.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews