BitTorrent is a go-to program for people who download and upload files over Peer-to-Peer connections. While it is a great choice for Windows users, Mac owners might not be too happy about recent developments pertaining to the application: for the second time in a span of just five months, the client for Mac computers has been infected with malware.
BitTorrent for Mac Gets Infected With Malware for the Second Time in Five Months
The BitTorrent malware for Mac, dubbed OSX/Keydnap, is a pretty nasty virus to have. It is designed to steal the contents of the OS X system keychain, and it can also maintain a permanent backdoor connection. Within just a few hours, the malware crawled its way into Transmission, which is the BitTorrent client for the OS X system.
The researchers at ESET who discovered the malware reported the following: “During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.”
Still, that doesn’t mean there is no ray of hope in what was discovered, especially if you’re a Mac owner. The good news is that “within minutes” of being notified that a rogue version of Transmission had been detected, the development team removed the file from their web server. The bad news, however, is that it is still unclear (at the time of writing) how long the rogue version was online or how many people have already downloaded the file.
It has been reported that the malware-infected version of Transmission has a digital signature dated the 28th of August. Therefore, ESET is advising anyone who downloaded version 2.92 of the client between August 28 and 29 that their systems might be compromised.
If you downloaded the BitTorrent client Transmission during these dates, then you might want to check for the existence of any of the following files or directories:
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
Should you see any of these items, ESET states that it means the malicious version of the client was already executed and “Keydnap is most likely running.” Running a scan with trusted anti-virus software should do the trick in removing the malware.
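The check described above can be scripted. The following is an added example, not code from ESET or the Transmission project; the function name keydnap_scan and its two optional arguments (a root prefix for a mounted backup or disk image, and the home directory to inspect) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the OSX/Keydnap files and directories listed in the article.
# keydnap_scan [ROOT] [HOME_DIR]
#   ROOT     - prefix of a mounted backup or disk image (assumption; empty = live system)
#   HOME_DIR - home directory to inspect (assumption; defaults to $HOME)
# Prints one "FOUND <path>" line per item present; returns 0 if none exist, 1 otherwise.
keydnap_scan() {
    kd_root="${1:-}"
    kd_home="${2:-$HOME}"
    kd_found=0
    # The here-document holds the article's list, one path per line, so paths
    # containing spaces ("Application Support") are read intact.
    while IFS= read -r kd_path; do
        if [ -e "${kd_root}${kd_path}" ]; then
            printf 'FOUND %s\n' "${kd_root}${kd_path}"
            kd_found=$((kd_found + 1))
        fi
    done <<EOF
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$kd_home/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$kd_home/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$kd_home/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$kd_home/Library/LaunchAgents/com.geticloud.icloud.photo.plist
EOF
    [ "$kd_found" -eq 0 ]
}

# Scan the live system, or a mounted image when ROOT is passed as the first argument.
if keydnap_scan "$@"; then
    echo "None of the listed files or directories exist."
else
    echo "Listed items found: the malicious Transmission build was probably executed."
fi
```

Run it once per user account on a shared Mac, since five of the seven paths are relative to a home directory.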