Earlier we discussed KeRanger, the very first ransomware to hit Apple Mac users running OS X. This ransomware encrypts data on the OS X machines it gains access to, and then forces their owners to pay approximately $4.00 per computer to regain access to their files. The hackers require payment in Bitcoin, which makes it difficult to trace. According to the Transmission website:
Everyone running 2.90 on OS X should immediately upgrade to 2.91 or delete their copy of 2.90, as they may have downloaded a malware-infected file.
Users who have directly downloaded the Transmission installer on or before March 5 2016 are advised to perform the following security checks:
- Using either Terminal or Finder, check whether /Applications/ / or /Volumes/Transmission/ / exist. If any of these exist, since the Transmission application (2.90) is infected, deleting the infected version is recommended.
- Using “Activity Monitor” preinstalled in OS X, check whether any process named “kernel_service” is running. If so, double check the process, choose the “Open Files and Ports” and check whether there is a file name like “/Users//Library/kernel_service” (Figure 12). If so, the process is KeRanger’s main process. We suggest terminating it with “Quit -> Force Quit”.
- After these steps, we also recommend users check whether the files “.kernel_pid”, “.kernel_time”, “.kernel_complete” or “kernel_service” exist in the ~/Library directory. If so, you should delete them.
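The process and ~/Library checks from the list above, written as a read-only shell script. This is an added example, not code from the advisory or the Transmission project; the function names are illustrative, and the first check is left out because the page does not give its full paths.

```shell
#!/bin/sh
# Added example: read-only check for the KeRanger artifacts listed above.
# Function names are illustrative. Nothing is killed or deleted.

# File names the checklist says to look for in ~/Library.
KERANGER_FILES=".kernel_pid .kernel_time .kernel_complete kernel_service"

# Print the path of every listed artifact present in the given directory.
keranger_find_files() {
    lib_dir=$1
    for name in $KERANGER_FILES; do
        # -L also reports dangling symlinks, which -e alone would miss.
        if [ -e "$lib_dir/$name" ] || [ -L "$lib_dir/$name" ]; then
            printf '%s\n' "$lib_dir/$name"
        fi
    done
}

# Filter "PID COMMAND" lines (as printed by ps) down to those whose
# executable basename is exactly kernel_service.
keranger_match_procs() {
    awk '{
        pid = $1; cmd = $0
        sub(/^[ \t]*[0-9]+[ \t]+/, "", cmd)   # drop the PID column
        n = split(cmd, part, "/")
        if (part[n] == "kernel_service") print pid " " cmd
    }'
}

# Run both checks; return 1 if anything from the checklist is found.
keranger_report() {
    lib_dir=${1:-${HOME:-}/Library}
    found=$(
        keranger_find_files "$lib_dir" | sed 's/^/file: /'
        ps -A -o pid= -o comm= 2>/dev/null | keranger_match_procs | sed 's/^/process: /'
    )
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    echo "No KeRanger files or kernel_service process found"
}

keranger_report "$@"
```

The script only reports; terminating the process and deleting the files remain manual steps, as in the list above.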
Some anti-malware tools, such as Malwarebytes for Mac, have been updated to scan for KeRanger. Mac users running Avira anti-malware should also run a scan on their system. Sophos antivirus is another good anti-malware option.
You could also try out BlockBlock. Although it is currently still a beta product, this anti-malware tool has got your back!
Malware installs itself persistently, to ensure it’s automatically re-executed at reboot. BlockBlock continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS.