transmission
Transmission macOS installer distributed KeRanger ransomware
The official Transmission BitTorrent website was compromised, and attackers replaced the macOS installer for version 2.90 with a malicious disk image. Users following the trusted download path received OSX.KeRanger ransomware, which encrypted files after installation; the project's own release channel served as the first stage of the attack.
- Date: 2016-03-04 to 2016-03-06
- Category: Open Source
- Target Surface: Distribution
- Insertion Phase: distribution
- Impact: Financial Exploitation
- Cause: Compromised Infrastructure
What Was Affected
Package: transmission
Language: Binary
Component: Application
Artifact type: binary archive
Domain type: project download host
Domain: transmissionbt.com
Repository: github.com/transmission/transmission
Compromised Versions
- 2.9
Incident Context
- Motive: Financial Gain
- Attribution: Cybercriminal Gang
- Transitive: No
- Observed Duration: 2 days
Evidence
Compromised Artifacts
- download.transmissionbt.com/files/Transmission-2.90.dmg
- updates.transmissionbt.com/Transmission-2.90.dmg
Current Artifacts and Analysis
Indicators and Changes
Hashes
- sha256:7552f29459368037868f5b7cf09884080831079276a4647682a8aac86e0b95e7
- sha256:2eef2cf8a39e98e91b09d24602c662598f39b449aa9b5f3ac6ea19690033a3c1
Source Data
Source record: oss/transmission/2016-03/meta.yaml