You may recall an earlier infected version of the BitTorrent client Transmission. History has now almost repeated itself: this time it has been discovered that a recent version of Transmission has come with OSX/Keydnap as a free if highly unwanted gift for your Mac.
If you downloaded Transmission v2.92 on 28 or 29 August 2016, you may well have an infected version, which might have compromised your Mac. Look for any of the following files or folders:
- ~/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
- ~/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
- /Library/Application Support/com.apple.iCloud.sync.daemon/
If any of those exists, or the file which you downloaded was named
Transmission2.92.dmg, then you probably have Keydnap. Unfortunately, yet again, the compromised version is validly signed, so it would have passed Gatekeeper’s checks.
The compromised download has now been replaced by the correct file
Transmission-2.92.dmg – which contains an all-important hyphen.
Full details are at ESET’s WeLiveSecurity blog.
Thanks to ESET, Claud Xiao, and Patrick Wardle for the information.