Tuesday, 8 March 2016

#Ransomware is now infecting #Mac users. Be very careful downloading software available for free on the internet.

"According to Xiao, the Transmission app – a BitTorrent client – was infected to include this ransomware. The infected app was distributed from the official Transmission website, but with a different code signature than the normal one previously used to sign the Transmission app, implying that the app itself had been modified and re-signed by the attacker (although this has not yet been confirmed).
The modified copy of Transmission includes a file named General.rtf, which is actually an executable file rather than the rich-text document it pretends to be. When the app is launched, this file is copied to a file named kernel_service in the user Library folder (which is hidden by default on recent versions of OS X)."

Read the full story here: https://blog.malwarebytes.org/mac/2016/03/first-mac-ransomware-spotted/