Backdoor in Transmission v2.92 for OS X

Security

12/09 2016

For a short time between August 28 and 29, a malicious version of Transmission v2.92 was available (Transmission removed it minutes after it was discovered, but by then it had been up for a while).

If you know that you updated or downloaded during this period, it can be removed as follows:

How to remove OSX/Keydnap

To remove Keydnap v1.5, start by quitting Transmission. Then, in Activity Monitor, kill processes with any of the following names:

– icloudproc
– License.rtf
– icloudsyncd
– /usr/libexec/icloudsyncd -launchd netlogon.bundle

Remove the following files and directories:

– /Library/Application Support/com.apple.iCloud.sync.daemon/
– /Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
– /Users/$USER/Library/Application Support/com.apple.iCloud.sync.daemon/
– /Users/$USER/Library/Application Support/com.geticloud/
– /Users/$USER/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
– /Users/$USER/Library/LaunchAgents/com.geticloud.icloud.photo.plist

Remove Transmission from your system and redownload it from a trusted source. The Transmission website and binaries are now hosted on GitHub. You can verify the hash and the signature of the legitimate binary package with:

– “shasum -a 256” and compare with the one on the site and
– “codesign -dvvv” and verify that it is signed by “Digital Ignition LLC” with team identifier 5DPYRBHEAR.

Source:

http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
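
The checks from the removal steps above, collected into a read-only triage script as an added example (it is not part of the original post or of the linked write-up). The function names, the root-prefix argument and the default `APP` path are assumptions; the process names, file paths and team identifier are the ones listed above.

```shell
#!/bin/sh
# Added example: read-only triage for the OSX/Keydnap v1.5 indicators listed
# in the post. Nothing is killed or deleted; it only reports what it finds.

# Print each listed file/directory that exists. $1 = root prefix (assumption:
# "/" for the live system, or a mounted copy of the disk), $2 = user name.
# Returns 1 if anything was found, 0 if the tree is clean.
keydnap_paths() {
    root=${1%/}; found=0
    for p in \
        "/Library/Application Support/com.apple.iCloud.sync.daemon" \
        "/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist" \
        "/Users/$2/Library/Application Support/com.apple.iCloud.sync.daemon" \
        "/Users/$2/Library/Application Support/com.geticloud" \
        "/Users/$2/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist" \
        "/Users/$2/Library/LaunchAgents/com.geticloud.icloud.photo.plist"
    do
        if [ -e "$root$p" ]; then printf 'FOUND %s\n' "$root$p"; found=1; fi
    done
    return "$found"
}

# Read a process listing (one executable path per line) on stdin and print the
# lines whose executable name is one of the listed ones. Returns 1 on a hit.
keydnap_procs() {
    if grep -E '(^|/)(icloudproc|License\.rtf|icloudsyncd)$'; then return 1; fi
    return 0
}

# Read `codesign -dvvv` output on stdin; succeed only when it carries the team
# identifier the post gives for the legitimate package.
signed_by_expected_team() {
    grep -q '^TeamIdentifier=5DPYRBHEAR$'
}

# Live run on macOS only. APP is an assumed install location; override it if
# Transmission lives elsewhere. codesign writes its details to stderr.
if [ "$(uname)" = Darwin ]; then
    APP=${APP:-/Applications/Transmission.app}
    keydnap_paths / "$USER" || echo "Keydnap files present"
    ps -axo comm | keydnap_procs || echo "Keydnap process running"
    codesign -dvvv "$APP" 2>&1 | signed_by_expected_team \
        || echo "Unexpected or missing signer: $APP"
fi
```

A clean result here does not replace the `shasum -a 256` comparison against the hash published on the download site, which still has to be done by hand.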