OS X Malware: First Mac ransomware hits Transmission client’s users: Researchers

By Steve Pak | March 06, 2016


Ransomware that targets Apple's OS X has been discovered by a security research company. The malicious software encrypts files and demands money. Palo Alto Networks discovered the Mac malware, and the security firm expects more Mac ransomware to show up. Past ransomware attacked Windows PCs and mobile devices.


Palo Alto Networks announced the discovery of the OS X ransomware on Sunday, March 6. Ryan Olson reported it was the first of its kind. He also told Ars Technica that he expects other Mac ransomware to show up now that the first one has been discovered.

KeRanger malware launches a 72-hour lockout window if the victim does not pay 1 bitcoin ($410). The malicious software was discovered through an unofficial version of the Transmission BitTorrent client.

Ransomware has been infecting Windows devices for quite a while by threatening total data deletion unless the victim pays the ransom. In June 2015 the FBI reported 992 victims of CryptoWall ransomware who had total losses of more than $18 million, according to Ars Technica.

Some Transmission users noticed on the evening of Saturday, March 5 that version 2.90 of Transmission was infected with ransomware. The company then posted a message on its website saying that people running version 2.90 on OS X should upgrade to version 2.91 or delete 2.90, because they could have obtained a malware-infected file.

Palo Alto Networks' Jin Chen and Claud Xiao reported that the KeRanger application was signed with a valid Mac App development certificate. It could thus bypass Apple's Gatekeeper protection.

After the infected apps were installed, the executable file would run on the system. KeRanger then waited for three days before connecting to command and control (C2) servers.

Palo Alto Networks reported the Mac ransomware to Apple on Friday, March 4. Apple has revoked the certificate, and the Transmission Project has taken down the malware installers from its site.

In related news, the Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in bitcoin after its computers were infected with ransomware, according to The Guardian. The hospital lost access to computer systems on February 5, Saturday, after a hack attack installed a virus.
