I think this is the first time I've encountered a really serious threat since I've been a Mac user, and it's been a few years now. A few days ago we found the good news of an update available for Trnasmission, one of the best clients for Torrents available for OS X. Well, this update (2.90) includes in some cases a virus that can render your hard drive useless. If you are a Transmission user, you are interested in reading this news in detail.
This is the first known case of "ransomware" for OS X. This malware, which is installed together with Transmission update 2.90, is responsible for encrypting your hard drive three days after it was installed, so the data on the drive they will be inaccessible to the user. To regain access to them, a "ransom" (ransom) will have to be paid. This malware, called "KeRanger", has already been notified to Apple and the company has acted through its protection system for OS X, Gatekeeper, which will prevent you from installing this version of Transmission, but those who have already installed it are not protected. If you have already installed version 2.90 of Transmission, you should immediately update to the new version 2.91 that is already available to install.
If you want to check if you are affected by "KeRanger" you can open the application "Activity monitor" inside the folder «Applications> Utilities». Look for the "kernel_process" process, if you find it, you are infected, if you can't find it, don't worry. If so, it is best to restore to a version of the system prior to the installation of Transmission, and of course then remove the application and install the new version. Even if you are not infected, update to the new version that you can download from here.
Transmission claims to have nothing to do
Obviously the developers of Transmission claim they have nothing to do with this attack. How the infected installers reached the official application servers is still unknown, but probably in addition to infecting the installer, your website will have been hacked and these files will have been added with KeRanger, the malware in question. According to the official words of its developers, all the installers that are currently available on its official website are clean and it is expected that not many will be affected by this malware. You have much more information in this link.
And as we always say, on Mac it is not necessary to have antivirus since normally, with a little common sense we prevent malware from entering our Apple computer, however, you may miss having one installed. For that, we propose this list of the best antivirus for Mac.
"Kernel process" is the same as "kernel task"?
kernel task is this
https://support.apple.com/es-es/HT203184
I'm not infected ... ufff Joer go brown whoever gets it.
kernel task is this
https://support.apple.com/es-es/HT203184
What a joy! I was infected a long time ago by the Chernobyl virus. What a good time I had!
Thank you!
and I already found the «Delete» .. it's Fn + Delete… 🙂
I think it is kernel_service not kernel_service
Ruth Medina
It is not a virus; it is a Trojan.
Can it be the same as a process called KernelEventAgent?