Developers at the Transmission BitTorrent client project say their download servers were compromised and an unauthorised Mac client containing malware was made available for users late last month.
The official 2.92 Mac version was replaced with one that contained the OSX/Keydnap malware and this was available from 28 August for a little less than a day.
Keydnap can steal passwords and keys from an OS X keychain and create a permanent backdoor into an infected system.
The project said the infected file had now been removed from its servers and it had now migrated its website and all binary files to Github.
{loadposition sam08}Binaries and the website will be hosted in two separate repositories as an additional precaution.
Those who have been infected as a result of downloading the compromised binary have been provided with a series of steps to remove Keydnap.
Transmission is available for the Mac, numerous UNIX-like operating systems including Linux, and a number of embedded systems.