For the second time in five months, the Transmission BitTorrent client for Mac infected with malware.
The malware, named OSX/Keydnap is designed to steal the contents of the keychain on OS X systems and to keep a permanent backdoor open.
According to ESET researchers who discovered malware:
"During the duration των τελευταίων ωρών, το OSX/Keydnap άρχισε να διανέμεται από μια αξιόπιστη ιστοσελίδα, μέσω της ανασύνθεσης του ανοιχτού code BitTorrent client Transmission.”
The good news is that "within minutes" of the notification the Transmission team removed malicious files from their server. The bad news is that it's known how many have downloaded the app.
Malware has a digital signature of 28 in August, so ESET advises anyone who downloaded Transmission 2.92 from 28 to 29 August to remove it directly from his system.
If you think you will be infected, check for any of the following files or folders on the paths:
/Applications/Transmission.app/Contents/Resources/License.rtf/Volumes/Transmission/Transmission.app/Contents/Resources/License.rtf $ HOME / Library / Application Support / com.apple.iCloud.sync.daemon / icloudsyncd $ HOME / Library / Application Support / com.apple.iCloud.sync.daemon / process.id $ HOME / Library / LaunchAgents / com.apple.iCloud.sync.daemon.plist / Library / Application Support / com.apple.iCloud. sync.daemon / $ HOME / Library / LaunchAgents / com.geticloud.icloud.photo.plist
If you see these files according to ESET says your system is infected.
If you have OSX / Keydnap on your system, you can remove it with a trusted antivirus. There is also a script on GitHub which you can run through the OS X terminal to delete the malicious software.