| 4 | | '''Q. What happened?''' |
| 5 | | |
| 6 | | A. It appears that on or about August 28, 2016, unauthorized access was gained to our website |
| 7 | | server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/ here]. |
| 8 | | |
| 9 | | '''Q. What steps have been taken following the incident?''' |
| 10 | | |
| 11 | | A. The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories. |
| 12 | | |
| 13 | | '''Q. Am I at risk?''' |
| 14 | | |
| 15 | | A. The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here]. |
| 16 | | |
| 17 | | '''Q. Can you share any more information about this incident?''' |
| 18 | | |
| 19 | | A. We are in the process of investigating the incident and will share any relevant information that we discover here. |
| | 4 | Q: What happened?:: |
| | 5 | A: It appears that on or about August 28, 2016, unauthorized access was gained to our website server. The official Mac version of Transmission 2.92 was replaced with an unauthorized version that contained the OSX/Keydnap malware. The infected file was available for download somewhere between a few hours and less than a day. Additional information about the malware is available [http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/ here] and [http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/ here]. |
| | 6 | Q: What steps have been taken following the incident?:: |
| | 7 | A: The infected file was removed from the server immediately upon discovering its existence, which was less than 24 hours after the file was posted to the website. To help prevent future incidents, we have migrated the website and all binary files from our current servers to [https://github.com/transmission GitHub]. Other services, which are currently unavailable, will be migrated to new servers in the coming days. As an added precaution, we will be hosting the binaries and the website (including checksums) in two separate repositories. |
| | 8 | Q: Am I at risk?:: |
| | 9 | A: The infected file was available for download from our website for less than a day, and the file was not available through the auto-update mechanism. Steps to check for, and remove, an infection are available [http://transmissionbt.com/keydnap_removal/ here]. |
| | 10 | Q: Can you share any more information about this incident?:: |
| | 11 | A: We are in the process of investigating the incident and will share any relevant information that we discover here. |
