Welcome to Reddit,

Transmission, is it safe?
Thank You for Submitting Your Review,! Thank you for your feedback! Discussions focused on topics covered in other subreddits may be removed see Related Links below This is not a place to discuss DDL sites. Login or create an account to post a review. Read the full story on Malwarebytes Labs This post is more than 30 days old and has been locked. Opening an infected app may not be a very smart idea.

Editors' Review

SAFE Transmission Browser & System Requirements

Follow This App Developer website: Older OS X Next time, install Transmission with 1-click Learn how MacUpdate Desktop can install apps on MacUpdate with the simple click of the icon. See discussion Is transmission safe to use? See discussion How to fix trouble with Transmission? Transmission is a fast, easy, and free multi-platform BitTorrent client. Requirements for Transmission OS X No similar apps have been recommended yet.

No further comments are allowed. Snake, also known as Turla and Uroburos, is backdoor malware that has been around and infecting Windows systems since at least It is thought to be Russian governmental malware and on Windows is highly-sophisticated. It was even seen infecting Linux systems in Dok dropper that behaves altogether differently and installs a completely different payload.

Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX. Dok, breaks out of that typical mold. A Malwarebytes employee has spotted a new iCloud scam attempt. Transmission now prompts to a 2. Arstechnica has some info: For those of you who are infected, please, isolate the executable and send it me for inspection, can't promise anything but I want to look into it.

Can't if it's infected, but they have the download for 2. Here's the link for you, https: Samples can be found here: J-Christ, I got the popup to update to 2. Luckily I'm still on 2. If you guys want to check whether you're on 2. Opening an infected app may not be a very smart idea. A, is ransomware - one of the first ramsomwares, if not the first, to affect a Mac! They inject it there, some people don't see it coming, are successfully targeted and a part of the profits goes to the team.

AFAIK as I know that piece of malware shows no worm behavior, which makes me think someone injected it there on purpose. I'm deleting Transmission from my MacBook, even tho I am on 2. That software is simply not trustable anymore. Two versions of the software developed on March 4 download are infected, reports Palo Alto Threat Intelligence.

Three days after the installation of Transmission, the malware will connect to a command and control server C2 via the Tor network. The files that it tries to encrypt are many - more than different types, some of which are here:.

To check if you have downloaded a compromised version of the software, go to the Utilities folder in your Applications and launch the Activity Monitor. In the search, enter:. If you find this process, click the "i" button in the window of the Activity Monitor, go to File, "Open Ports"? If you find this, force-quit it and update Transmission.

That is KeRanger, which you've eliminated by force-quitting and crushing the compromised version of Transmission. More info in English here.

Seems updating through the app if successful was fine. Someone in the forums had issues updating through the app and decided to download directly from the website. It was then that they noticed the infection. I updated through the app without issues and didn't notice anything strange with the app or my computer.

I hope the transmission team explains it more in-depth soon. That issue was Transmission refused to update due to a bad signature Hopefully it serves as a reminder to all of us not to ignore red flags in the future. What I find strange, though, is that some of us had no issues updating through the app itself. It definitely shakes trust on the app, but I'll keep using it for now.

They got it fixed fairly fast from what I can see, but I'm still really worried as to how it got there in the first place. I really want the team to give us an update as to how it happened. It honestly sounds similar to the Linux Mint mess of a few weeks back. Either way, transparency is important. I hope they update soon with an explanation or something.

I'm hesitating to empty the bin now since it seems it was the downloaded build on the site that was infected and I don't want to lose my copy of the app-updated build. I updated in-app to 2. Not that they owe me anything but I hope for my own peace of mind they will have a solid answer as to how this happened and how it will be prevented in the future. I actually think it goes beyond owing anything to the end-user. We, the users, trust the devs with their app to run on our system.

On occasion we give some apps a lot of power to do what they do and the most responsible thing for devs to do is to keep these apps secure. If the app is compromised somehow, the most responsible thing is to be transparent about it, I think, and let the users know not only that they are in risk, but of what specifically. Transmission and any other BT client is, to me, a serious case because it's an open door to the internet. Usually I control what I download, but if the client is compromised I'd like to know what else it could potentially download to my computer unbeknownst to me and potential effects.

This is sparks a bigger change in my mind about how much I appreciate the confidence of iOS's security and it's starting to make OS X feel more and more like a dated mess.

The people that reported the malware in the forums found out about it because OS X refused to run the app after finding it had malware.

OS X's recommended course of action was to dispose of the application, so I guess that's actually pretty good. Fuck it I guess there's only one choice; Build an rtorrent home seedbox and just get it all outta my personal space. I've been thinking about it for a while I guess this is the impetus.

I've been thinking about this for a while also. Besides it being somewhat more secure, I think it's also way more convenient. This episode will definitely push me to do this sooner rather than later. CRTs really did nothing wrong. Doing this exact thing on a Raspberry Pi 2. You can even use Internet Connection Sharing to let it piggyback off your Mac's internet over Ethernet.

I have one that sits below my iMac and do similar since it's connected to my router over wifi. I've attempted this but it would seem the RPi2 would impede speeds too much.

The USB and ethernet port share the same bus. What kind of speeds do you get? The PI should still be capable of close to Mbit through its shared bus. If nothing else you can leave it on all night since it barely used any power and finish that way. I haven't checked in a while but I believe it was capped at my internet speed 25 Mbps. You may notice this effect more so with faster internet speeds. The Pine64 is a good alternative as well but I haven't played with one to know if it suffers the same bus issue.

I'm only able to type this now because I was able to erase and reinstall a earlier backup pre update via time machine. I think the dates for this are wrong. My last time machine update seems to have been March 2nd. Wednesday is when I suffered the crash. Doesnt Transmission still host on Sourceforge? That being said it should be perfectly safe to update via the application itself. If that doesnt work then i suggest not updating at all until this all gets sorted out.

Updated through the app in OS X What happens, does the virus do? EDIT nevermind saw picture link. No idea, to be honest. All that seems to be known is that the malware is named OSX. A, but there really isn't any info on it anywhere. Personally I'm more concerned as to how the malware got there than about what it does.

Thanks a ton for the article. It seems it was published during the day after this thread was initially posted, so I didn't come across it when searching about the malware. Just to be clear though, I do care what the malware does, but I also keep several backups of my machine, so I can revert and recover my files easily might not be the case for everyone. I say I'm more concerned as to how it got there in the first place because if it can occur again, it doesn't matter whether you can recover from it ir not.

I think that is a bigger vulnerability than being infected by the malware itself. Having said that, I checked the 2. I had updated in-app and never downloaded directly from the website. Yeha, gotcha - I'm in pretty much exactly the same situation. Just trying to spell it out since if anyone's just at "not sure", more information is better, and "I should backup now" is better than "lets wait and see".

The key was created on the 4th when the infected file was uploaded. This makes me to believe that someone hacked the website and replaced the legitimate file with the malicious one. Note that this may not be a reliable way to determine the version. I upgraded to 2. Instead, right-click the Transmission application and select Get Info and check the version there as well.

Finder doesn't update application version numbers immediately; you may have to relaunch it for that. Just to clarify, if I'm on 2. Thanks a lot for this post by the way. That is the general consensus until now, so yes. Did you install 2. I'm just taking his word to other people's ears too: I updated directly through the app when prompted a couple days ago, so I guess that's the better option of the two regarding previous posts.

And well thanks to everyone jumping on this to spread the word and keep other users safe from the malware! One thing you might want to add - if you're depending on backups, disconnect them from your system until this is over.

Even if you backup now, and your backup is also infected, it'll at least have your personal files still. Thanks for spelling it out and getting the message out there. I thought about it, but I've had a really long weekend, and was simply too lazy: I gotta say though, personally I'd hold off pointing fingers until the dust's settled. I have to think that only infecting the dmg, and not the bundle Sparkle uses for updates, indicates there was some limit to what the attacker was able to access.

That said, "delete it until the dust settles" is also pretty sane, I think. Assume I was infected and updated to 2. Meanwhile Time Machine had taken a backup of my system during the period it had the 2. Is there a risk of this Time Machine backup spreading the infection back or coming to bite me in the ass in the future?

You'd have to prevent osx updating its xprotect definitions. And then you'd need to open transmission, and ignore any errors you receive about the codesign being bad. The infected version is signed by a different cert which has already been revoked. So I do think it's possible. But as long as timemachine has made at least one snapshot since xprotect was updated on saturday, I do think it's very improbable. You'd have to want to. And I can't promise I've thought of everything that'd stand in your way.

Does that mean I don't have a compromised version, or could the malware just not be running or something?

What others are asking