Mac OS X Ransomware Detected in the Wild.
OS X users have today been hit with the first known case of Mac OS X ransomware, found in the Transmission BitTorrent client released last week. Infected versions of the app include ‘KeyRanger’ malware that will maliciously encrypt the user’s hard drive after three days of being installed. The malware then asks for payment to allow the user to decrypt the disk and access their data — the ‘Palo Alto Networks suggests a few other methods to check for the presence of the malware. Their post also includes a lot more detail on the technical implementation of the virus, so check out their post for more information. The security researchers suggest checking for the existence of the file ‘/Applications/Transmission.app/Contents/Resources/General.rtf’ or ‘/Volumes/Transmission/Transmission.app/Contents/Resources/ General.rtf’. If this file exists, the Transmission app is likely infected. You can also check for the existence of “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” files in the ~/Library directory. Delete the files if they exist.