Some copies of Transmission, a popular OS X Bit Torrent client, have reportedly been infected with a ransomware program, according to security researchers Palo Alto Networks:
The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.
Oof. At least that 3-day waiting period gives a window for folks to remove the infected apps. I checked all three of my Macs, which all had the reportedly infected version, but none of them appeared to include the malware. It’s a good idea to do the same if you’re concerned. Instructions for checking are at the address above, and at Transmission’s website.