For the second time in five months, the Transmission BitTorrent client for Mac has been infected with malware.
The malware, named OSX/Keydnap, is designed to steal the contents of the Keychain on OS X systems and to keep a permanent backdoor open.
According to the ESET researchers who discovered the malware:
"During the last few hours, OSX/Keydnap has started to be distributed by a trusted website, via a recompile of the open source BitTorrent client Transmission."
The good news is that "within a few minutes" of the notification, the Transmission team removed the malicious files from their server. The bad news is that it is not known how many people have downloaded the app.
The malware carries a digital signature dated August 28, so ESET advises anyone who downloaded Transmission 2.92 between August 28 and 29 to remove it from their system immediately.
If you think you may be infected, check for any of the following files or folders:
/Applications/Transmission.app/Contents/Resources/License.rtf
/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
$HOME/Library/Application Support/com.apple.iCloud.sync.daemon/process.id
$HOME/Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
/Library/Application Support/com.apple.iCloud.sync.daemon/
$HOME/Library/LaunchAgents/com.geticloud.icloud.photo.plist
If you see any of these files, ESET says your system is infected.
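The same check as a read-only shell function, added here as an example (it is not ESET's code and not the GitHub removal script mentioned below). The function name `keydnap_scan` and its root and home-directory arguments are assumptions, included so the check can also be pointed at a mounted backup or at other users' home directories.

```shell
#!/bin/sh
# Added example: read-only check for the OSX/Keydnap paths listed above.
# It only tests for existence; nothing is modified or deleted.

# Indicator paths relative to the filesystem root.
KEYDNAP_SYSTEM_PATHS='Applications/Transmission.app/Contents/Resources/License.rtf
Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf
Library/Application Support/com.apple.iCloud.sync.daemon'

# Indicator paths relative to a home directory ($HOME in the list above).
KEYDNAP_HOME_PATHS='Library/Application Support/com.apple.iCloud.sync.daemon/icloudsyncd
Library/Application Support/com.apple.iCloud.sync.daemon/process.id
Library/LaunchAgents/com.apple.iCloud.sync.daemon.plist
Library/LaunchAgents/com.geticloud.icloud.photo.plist'

# keydnap_scan ROOT [HOME_DIR...]   (hypothetical helper, not from the page)
# Prints each indicator path that exists; returns 1 if any was found, else 0.
keydnap_scan() {
    root=${1%/}          # "/" becomes "", so paths are not built with "//"
    shift
    found=0
    old_ifs=$IFS
    IFS='
'                        # split the lists on newlines only: paths contain spaces
    for rel in $KEYDNAP_SYSTEM_PATHS; do
        if [ -e "$root/$rel" ]; then printf '%s\n' "$root/$rel"; found=1; fi
    done
    for home in "$@"; do
        for rel in $KEYDNAP_HOME_PATHS; do
            if [ -e "$home/$rel" ]; then printf '%s\n' "$home/$rel"; found=1; fi
        done
    done
    IFS=$old_ifs
    return $found
}

# Live system, current user. To cover every account: keydnap_scan / /Users/*
if keydnap_scan / "$HOME"; then
    echo "No OSX/Keydnap indicator files found"
else
    echo "Indicator files found (listed above)"
fi
```
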
If you have OSX/Keydnap on your system, you can remove it with a trusted antivirus product. There is also a script on GitHub that you can run from the OS X Terminal to delete the malicious software.