The one in recent memory for me is the KeRanger ransomware that was distributed ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		wlesieutre on Jan 20, 2021 \| parent \| context \| favorite \| on: Porting Firefox to Apple Silicon The one in recent memory for me is the KeRanger ransomware that was distributed in the official Transmission installer. https://unit42.paloaltonetworks.com/new-os-x-ransomware-kera... >Transmission representative John Clay told Reuters via email that the ransomware was added to disk-image of its software after the project's server was compromised in a cyber attack. >"We're not commenting on the avenue of attack, other than to say that it was our main server that was compromised," he said. "The normal disk image (was) replaced by the compromised one."

setpatchaddress on Jan 20, 2021 [–]

Just to answer the original question: that's an example of something Apple handled -- no external AV required.

wlesieutre on Jan 20, 2021 | [–]

Yes, although it snuck by Gatekeeper to begin with by being signed by another developer account.

Would make it past Apple's new notarization scheme these days?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact