Transmission BitTorrent app once again infected with malware

Gatekeeper (Image credit: iMore)

Transmission, the popular Mac BitTorrent client that everyone only ever uses to download totally legit open source files, has once again been hijacked to serve malware. Perplexingly, it sounds like it was hijacked in the same way as last time.

ESET research reports:

Last month ESET researchers wrote an article about a new OS X malware called OSX/Keydnap, built to steal the content of OS X's keychain and maintain a permanent backdoor. At that time of the analysis, it was unclear how victims were exposed to OSX/Keydnap. To quote the original article: "It could be through attachments in spam messages, downloads from untrusted websites or something else."During the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be "something else". It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.

I've never liked BitTorrent because it always felt like I was shoving a naked connection out onto the Internet. (I'm ridiculous that way.) This kind of thing only adds layers of tin to my foil hat. That's especially true because the way in which Transmission is being hijacked negates the defenses Apple builds into macOS (née OS X), including Gatekeeper.

Christina Warren, writing for Gizmodo (yup!):

It's not clear what is happening with Transmission, but at this point, I don't feel super comfortable recommending users use the software, at least, on the Mac. It's not acceptable for a major application—open source or not—to get hijacked this way twice in under six months.

If you think you might have downloaded Transmission while it was infected, Christina also tells you how you can check to make sure, and what you can do to disinfect if you have to.

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • Would be nice if Apple made it possible to have this in the Mac App Store. Yes it's primarily designed for "naughty things" - but so can many other apps. Safari is a great way to browse ****. Apparently. At what point do App Store Rules put Mac users in danger because they can't get their software from a reliable source?
  • That is a very good point. I am sure it has something to do with their agreements with content providers. I like that the article author says, "The fact that the vector for attack was the same as last time seems to paint the picture of a project that either doesn’t know what it’s doing from a technical level, or simply doesn’t care." Couldn't there be another issue? Could it not be a rogue employee within the team, or worse yet, their new m/o? Sent from the iMore App
  • Apple would probably believe this is only for piracy just like copyright holders believe it as...
    Truth is, its only a client to share "anything u like" so why the former gets heated up 90% is beyond me...And everyone take it in as a "well if u use Transmission, uTorrent etc, then u are using it for pirated stuff" kind of thing, when it's not only used for this...
  • It's such a shame, Transmission is my favorite client. The rest tend to have an overloaded interface, or have ads, or are just plain ugly. Transmission fits nicely within the OSX UI and has a nice minimalistic interface where I can just see what I want. Despite this news (again), I'll still continue to use this client, I'll just be much more cautious with updating
  • if u ask me, there is something up with the servers than just deleting the image every time.... If it's been infected again in this short time span, then there is something far worse happening i reckon.