A number of Mac computers have been infected with a virus described as the ‘first of its kind’.
Described as ‘ransomware’, the attack happened with tainted software of Transmission, a lightweight Mac client for torrents, downloaded through the official site of the software.
If you’ve not heard of ransomware before, you’re forgiven. The virus aims to lock you out of certain aspects of your computer (usually personal documents, family photos, music, that sort of thing) and demanding you pay hundreds of pounds to gain access again.
KeRanger, the name of the virus, was downloaded nearly 7,000 times before the developers were able to stop the attack. Cyber security experts have warned that this is only the beginning of these sorts of breaches.
Here's how to find out if you're about to be held to cyber ransom and stop it...
Using the Finder, head to:
/Applications/Transmission.app/Contents/Resources/ and /Volumes/Transmission/Transmission.app/Contents/Resources/ and look for a file called “General.rtf”. If the file exists in either directory, the copy of Transmission is infected and the app should be deleted.
Look for a process called “kernel_service” running in Activity Monitor. Double-click the it and choose “Open Files and Ports”. If there’s a file there under “/Users//Library/kernel_service,” that’s the main process used by KeRanger. You should force-quit the app.
You should also check for files “.kernel_pid,” “.kernel_time,” “.kernel_complete,” and “kernel_service” in the Library directory (head to the Finder and from the “Go” menu, hold Alt) deleting them if they exist.
While not officially a step, updating to Transmission’s version 2.92 will do exactly the same as this step by step guide, deleting the infected files. Just make sure to launch the new version of Transmission for the fix to run.