Why you should stick with the Mac App Store for safer OS X software downloads

“The recent news that the popular torrenting app Transmission had been compromised to include ransomware shocked many OS X users,” Jim Lynch writes for CIO. “This is one of the first times that OS X has been directly targeted for such a malware attack.”

“And it has some OS X users, myself included, wondering if it might be a better idea to stick with the Mac App Store instead of downloading software from third party Web sites,” Lynch writes. “I know that a lot of people are down on the Mac App Store, and some developers have even removed their software for one reason or another. But I still think it can be quite useful and I’ve tried to get most of my software there for the last few years.”

“However, until the Transmission ransomware, I didn’t think twice about installing software from outside of the Mac App Store. But those days are over,” Lynch writes. “After I did my clean install of OS X El Capitan, I changed my security settings to allow app installs only from the Mac App Store.”

Read more in the full article here.

MacDailyNews Take: Great in theory until you need software that’s not available via the Mac App Store (which is all too often the case).

For Transmission users only:

Transmission’s website (https://www.transmissionbt.com) states:

Everyone running 2.90 on OS X should immediately upgrade to and run 2.92, as they may have downloaded a malware-infected file. This new version will make sure that the “OSX.KeRanger.A” ransomware (more information available here) is correctly removed from your computer.

Users of 2.91 should also immediately upgrade to and run 2.92. Even though 2.91 was never infected, it did not automatically remove the malware-infected file.

SEE ALSO:
7 steps to protect yourself from over-hyped Mac ‘ransomware’ threat – March 7, 2016
Mac users targeted in first known OS X ransomware scam – March 6, 2016

12 Comments

  1. MDN hits the nail right on the head: there are many good apps, from reputable developers, which are simply not on the App Store. One such category is open source software (the excellent audio recording/editing app ‘Audacity’ comes to mind).

    1. And those good apps by reputable developers are open to the same issue. I hope what they’re reading today keeps them on their toes.

      I know if it were me, no amount of “We’re sorry” would pay for allowing me to be extorted for their poor security choices.

      1. I’ll continue to download the third-party apps I want from trusted developers, rather than the Mac App Store.

        Sorry, but I wouldn’t have considered the Transmission app to be from a trusted developer, as it’s associated with BitTorrent, a widely used source of stolen software and audio/video files, many of which contain other malware.

  2. I wish it was possible to only use the Mac App Store. It is not, for many reasons. The problem here is: How did the bad guys break into the download site for Transmission and swap bad for good? That has to be prevented in the future. It should NEVER have happened.

  3. As someone above has already said, buying from the app store makes sense but it’s not always possible.
    The store is based on certificates being validated by Apple. So what happens in 5-10 years’ time when Apple no longer validates the certificate? The trusted software will no longer function. It’s put out to pasture like our older 2007 MacBook Pro 17″ computers.
    For that reason I’m avoiding purchase through the Apple Store. It’s already happened with some versions of software that need to be stepped back to allow it to be run on an earlier OSX.

  4. I play World of Warcraft, Guild Wars 2, and other things. A good chunk of the apps I use aren’t in the App Store.

    The one malware that got to be an issue for me was the Offers4U adware. It shows up in the system as a Facebook browser extension, which doesn’t show up in the normal extensions in your web browser. Just reset your web browser to get rid of the adware.

  5. Install Homebrew, MacPorts, and upgrade Xcode. Then the three steps can be taken to continue going beyond the Mac App Store, which has repeatedly been deteriorating since 2009.

    1) This helps you avoid the Mac App Store but stay secure with vetted open-sourced developer approved applications.
    2) If installing from a non-Mac app store website, make sure the URL is https and has an up-to-date security certificate with at least 128-bit encryption. Also, make sure the developer has not abandoned the software or website.
    3) Torrents are insecure now, in 2016. It is better to download software or files that are from legit sources.
