Popular BitTorrent Client Transmission Gets Infected With Malware AgainChristina Warren8/30/16 4:00pmFiled to: Not AgainMalwareTransmissionBitTorrentMac AppsOS X509EditPromoteShare to KinjaToggle Conversation toolsGo to permalinkFor the second time in five months, the Transmission BitTorrent client for Mac has been infected with malware. AdvertisementThe malware, dubbed OSX/Keydnap, is pretty nasty. It’s designed to steal the contents of the OS X system keychain and maintain a permanent backdoor. And for a few hours, that malware found its way into the popular Mac BitTorrent client, Transmission.From the researchers at ESET who discovered the malware:AdvertisementDuring the last hours, OSX/Keydnap was distributed on a trusted website, which turned out to be “something else”. It spread via a recompiled version of the otherwise legitimate open source BitTorrent client application Transmission and distributed on their official website.The good news is that “within minutes” of being notified that a rogue version of Transmission was discovered, the Transmission team removed the file from its web server. The bad news is that it’s unclear how long the rogue version of Transmission was available or how many people could have downloaded the file. The malware-infected version of Transmission has a digital signature of Aug. 28, so ESET is advising anyone who downloaded Transmission 2.92 between Aug. 28-29 that their systems might be compromised.SponsoredIf you think you might be affected, check for the existence of any of these files or directories:/Applications/Transmission.app/Contents/Resources/License.rtf/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist/Library/Application Support/com.apple.iCloud.sync.daemon/$HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plistIf you see this stuff, ESET says it means that the malicious version of Transmission was executed and that “Keydnap is most likely running.”AdvertisementIf you’ve got OSX/Keydnap running on your system, you can remove it by either running a virus scan from a trusted antivirus app like Norton AntiVirus or ESET CyberSecurity. There is also a gist on GitHub that you can run via OS X’s terminal to delete the malware.This would be a bad situation for any application. It’s just a bad look for your app to spread malware. But in this case, it’s even worse because this is the second time Transmission has been hijacked in less than six months. You may recall that in March, a rogue version of Transmission was bundled with ransomware.