Apple users have fallen prey to ransomware for the first time ever. The ‘KeRanger’ malware appeared hidden in the popular BitTorrent application, Transmission. Users’ Macs were infected upon downloading the latest copy.

A ransomware is malicious code, like any other type of malware. The way it works is usually by hiding inside a program one may hastily download, irrespective of the risks. A message then appears, telling the user all or part of their files have been encrypted, and the only way to decrypt them is by paying a ransom – usually in digital currency, which is difficult to trace.

An attack of this sort struck computers in a US hospital in Hollywood recently, forcing it to pay a $17,000 ransom to regain control of its systems. The hackers had originally demanded $3.7 million.

On Friday, a similar fate befell Apple users as they downloaded Transmission 2.90, researchers at the company’s Palo Alto headquarters said on Sunday in their blog.

The company’s Threat Intelligence Director Ryan Olson confirmed to Reuters over the phone that the ‘KeRanger’ malware was “the first one in the wild that is definitely functional, encrypts your files and seeks a ransom.

“Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site,” Apple continued on its Palo Alto blog.

“The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection,” they explained.

“If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system.”

After this is complete, the malware demands $400 from every infected user, equivalent to one bitcoin.

An Apple representative told the agency the company has been implementing various contingency measures over the weekend.

The company says anyone who hasn’t paid up could start losing data on Monday.