An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs. The representative said he could not immediately provide other details.[…]
The malware is programmed to encrypt files on an infected personal computer three days after the original infection, according to Olson.[…]
The project’s website, http://www.transmissionbt.com, on Sunday carried a warning saying that version 2.90 of its Mac software had been infected with malware.
There isn’t much information to go off for the time being and it looks like there’s still a lot of investigation going on about what, exactly, has happened and where the malware was picked up – you’ll find a more technical discussion happening over at Hacker News.
Somewhat related to this, ATP recently had a great discussion on the merits of sandboxing Mac apps that are available outside the Mac App Store and that, if an app can be sandboxed, it probably should.