First Virus to Hit Apple Mac Users
How KeRanger Works
Once a victim of KeRanger installs the infected versions of the Transmission app, KeRanger malware embeds itself in the victim's machine and encrypts the hard drive - containing important documents, images and video files, as well as email archives and databases - after 3 days.
The KeRanger malware then asks the victim to pay 1 Bitcoin as the ransom amount to allow the victim to decrypt the hard drive and regain access to his/her important files.
The malware imposes a 72-hour lockout window unless the payment is made.
Though it is still unclear how the hackers managed to compromise the app and upload the infected files, it is believed that they managed to hack the Transmission website as the site was served via HTTP instead of HTTPS.