transmission
Transmission macOS installer distributed Keydnap backdoor
Months after the KeRanger incident, Transmission's website was compromised again. This time, the legitimate macOS installer for version 2.92 was replaced with a malicious version containing the OSX/Keydnap backdoor. Keydnap aimed to steal keychain credentials and establish persistent remote access.
- Date: 2016-08-28 to 2016-08-30
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Data Exfiltration
- Cause: Compromised Infrastructure
What Was Affected
Package
transmission
Language
Binary
Component
Application
Artifact type
binary archive
Domain type
project download host
Domain
transmissionbt.com
Repository
github.com/transmission/transmission
Compromised Versions
- 2.92
Incident Context
- Motive: Credential Theft
- Attribution: Cybercriminal Gang
- Transitive: No
- Observed Duration: 2 days
Evidence
Compromised Artifacts
- download.transmissionbt.com/files/Transmission-2.92.dmg
- updates.transmissionbt.com/Transmission-2.92.dmg
Current Artifacts and Analysis
Indicators and Changes
Hashes
sha256:f06ac9609c3a8b00a7586840e990153460f8de9526e91a1a6ab733c850d5c83f
sha256:c5e5ec89c5517b50d848b6a6d4f86ed74715a715a015c6d38d789addcffea6b3
Source Data
Source record: oss/transmission/2016-08/meta.yaml