Apple Ransomware KeRanger
The first fully functional ransomware targeting Apple Inc.’s Mac OS X operating-system software was discovered within a package associated with the BitTorrent client Transmission, which is used for file sharing. Reuters/Mike Segar

Roughly 6,500 people downloaded the software employed in the first known ransomware attack to target Apple Mac personal computers. It’s a surprisingly small number that makes clear the real damage has been inflicted on Apple Inc.’s reputation for security, as opposed to a large number of Mac users.

A representative of Transmission, the BitTorrent client used to mount the attack, told Reuters Monday the ransomware was added to its software’s disk image after the Transmission website server was overtaken during an attack. The ransomware’s existence was first publicly reported Sunday, when the cybersecurity company Palo Alto Networks Inc. made clear that Mac PCs (long considered almost hack-proof) were being infected by a strain of malicious software that encrypts all of the users’ data and whose makers were charging ransoms to restore access.

The hackers were able to spread the infection by falsifying a trusted web developer’s credentials, meaning Apple would have had no reason to suspect anything suspicious.

“We’ve seen developer credentials offered on hacking forums for a considerable amount of time, and it isn’t shocking that this strategy was used to enable the app to be distributed,” Grayson Milbourne, security intelligence director at the online security firm Webroot Inc., said in an emailed statement. “I also found it interesting that it was targeting a BitTorrent software. It could just be coincidence that the developer credentials were for this type of software, or maybe they were going after people pirating movies.”

With millions of users, Transmission has warned that all Mac users who downloaded the software March 4-5 is at risk of having their PCs become infected. Developers claim Transmission’s latest version, 2.92, is safe to use.