The malicious copy of Transmission was signed using an Apple developer certificate that appears to be owned by Igor Shaderkin, and someone by the same name has several medical apps in the iOS App Store. Thus, as with KeRanger, which was also quickly detected and taken down, the total number of people infected is likely to be small, though that’s no consolation to those few. According to ESET, the malware appears to have been distributed only since around August 28th or 29th, and was quickly taken down by the Transmission team after being notified of the issue. The recent incident was discovered by ESET, the original discoverer of Keydnap. Transmission has once again become a vector for the transmission of malware – in this case, a new variant of the Keydnap backdoor. That incident was very well-publicized, as the malware being distributed this way was the KeRanger ransomware, which is currently the only real ransomware ever to affect the Mac platform.Īlmost exactly six months later, the story has repeated.
In March, the website of the Transmission torrent client was hacked, and a maliciously-altered copy of Transmission was uploaded in place of the real one.