First ransomware on Mac OS X debuts on free BitTorrent client Transmission

vbimport

#1

We’ve just posted the following news: First ransomware on Mac OS X debuts on free BitTorrent client Transmission

This weekend was the first time that ransomware successfully made victims running Apple’s Mac OS X. Security experts of Palo Alto Networks discovered that the popular free BitTorrent client Transmission was infected with KeRanger ransomware.

Read the full article here: [http://www.myce.com/news/first-ransomware-on-mac-os-x-debuts-on-free-bittorrent-client-transmission-78783/](http://www.myce.com/news/first-ransomware-on-mac-os-x-debuts-on-free-bittorrent-client-transmission-78783/)

Please note that the reactions from the complete site will be synched below.

#2

Very worrying. :eek:

Not because it infects OSX - the lack of malware for Macs just reflects the relative obscurity of the operating system. There is no magic power which protects Macs from malware, just sensible default user permissions (take note Microsoft).

The alarming part is how on earth did an official release of a long established & reputable piece of open source software become infected?

A simple web site hack & file substitution? Or did a Black Hat successfully infiltrate the group of developers behind Transmission?

Probably the former. The latter would be a nightmare scenario for the open source community, with potentially very serious consequences. :iagree:


#3

[QUOTE=Ibex;2769689]Very worrying. :eek:

Not because it infects OSX - the lack of malware for Macs just reflects the relative obscurity of the operating system. There is no magic power which protects Macs from malware, just sensible default user permissions (take note Microsoft).[/QUOTE]
Really Microsoft worry…it’s the users who click on anything that causes the infections. The blame isn’t Microsoft’s; the user is the one that caused the infections.

[QUOTE=Ibex;2769689]The alarming part is how on earth did an official release of a long established & reputable piece of open source software become infected?[/QUOTE]
I doubt this was the only ransomware to suddenly get news. There’s probably more, just that people don’t want to admit it was there already. If they did so that would mean Mac isn’t so secure as they like to think it is.

[QUOTE=Ibex;2769689]A simple web site hack & file substitution? Or did a Black Hat successfully infiltrate the group of developers behind Transmission?

Probably the former. The latter would be a nightmare scenario for the open source community, with potentially very serious consequences. :iagree:[/QUOTE]
If someone wants to break something that bad they will find a way. No O/S is immune or for that part any software…


#4

[QUOTE=coolcolors;2769707]Really Microsoft worry…it’s the users who click on anything that causes the infections. The blame isn’t Microsoft’s; the user is the one that caused the infections.
[/QUOTE]
For many years I was satisfied that being careful was sufficient - I didn’t even run anti-virus software until well after the turn of the century. And it worked. I have never encountered an infection on my computers. ([I]Nobody[/I] can honestly claim a 100% record - you won’t see the really serious malware).

But so much has changed in the past decade. These days it is all too easy to become infected without clicking on anything. :wink:

With a standard user account the consequences [I]should[/I] be limited to that user and those directories to which they have permissions. To infect the system as a whole it would need a vulnerability in the OS or installed software to exploit, or the system to already be compromised.

But with an administrator account the entire system is accessible.

Or to put it another way… When a family member brings you their infected laptop to fix, it is the difference between creating a new user account, copying documents across & deleting the old one, and spending 2-3 days reinstalling everything!


#5

[QUOTE=coolcolors;2769707]
If someone wants to break something that bad they will find a way. No O/S is immune or for that part any software…[/QUOTE]
:iagree::iagree:

The most secure system is one which is physically inaccessible - locked away in a vault with no cables connecting it to anything else and no wireless transceivers. And only switched on when absolutely necessary.


#6

I’m not at all concerned about the fact that malware is available to Macintosh. Contrary to popular belief, this is not the first malicious program made for the Mac (I suppose the next time a virus is made for Mac, it will be the “first”, likewise for the next one, and the next one, etcetera).

What does disturb me is the fact that a libre program is responsible. Obviously, someone must have infiltrated Transmission’s development, either by cracking the website, or by posting the source code in plain sight.


#7

[QUOTE=Ibex;2769762]But with an administrator account the entire system is accessible.

Or to put it another way… When a family member brings you their infected laptop to fix, it is the difference between creating a new user account, copying documents across & deleting the old one, and spending 2-3 days reinstalling everything![/QUOTE]

I think the ‘TrustedInstaller’ and ‘System’ accounts would be a better start for total system-wide access, but the Administrators group would definitely be enough for the user to have to reinstall the system.

[QUOTE]The most secure system is one which is physically inaccessible - locked away in a vault with no cables connecting it to anything else and no wireless transceivers. And only switched on when absolutely necessary.[/QUOTE]
:iagree: As long as you communicate at all, you will always be vulnerable :iagree:

As written earlier, the obscurity of a system will always determine how vulnerable it is. In that context it should come as no surprise that at both ends, M$ is worst off and various Linux distros will sail along with no sign of malware at all. It still does not mean that the latter is invulnerable, only that they have so far not been exploited. If you surf using an ancient system, you will likewise be safe as there is no code tailored for the system on the net today, but there will of course be other inconveniences doing it that way (lack of e.g. Flash/HTML5 support or other).

In the coming years, Apple will be put on an ongoing and thorough security test as they have come above the radar and are a feasible target for whatever the malware-coder(s) want to achieve. I suspect Apple will have a hard time saying it is ‘the first time’ for very long…

With that being said, there is a good side-effect arising from such ‘non-controlled’ security tests (that is how we should view exploits) and that is more secure operating systems in the future. That is, if the company takes it seriously - which may come as a rude wake-up call… $0.02