CUPERTINO, Ca. – Security researchers have discovered what they believe to be the first-ever ransomware attack targeted at Apple users that actually made it out “into the wild” – a genuine threat. The ransomware, ironically, is spread through a popular client used to share pirated software.
The problem was first detected Friday, when a team of researchers at Palo Alto Networks found a popular BitTorrent client for Apple’s OS X software for Macs that was infected with the ransomware, which they have dubbed “KeRanger,” CNET reported.
The BitTorrent software in question is Transmission, which Mac users can install on Apple’s OS X operating system and then use to access shared files in so-called torrent swarms.
It’s not the very first time Mac-targeting ransomware has been detected by security experts. In 2014, Kaspersky Lab discovered such software, though it wasn’t complete at the time.
KeRanger, by contrast, marks the arrival of truly dangerous ransomware on the OS X platform.
“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence Director Ryan Olson told Reuters on Sunday.
The stakes are high with KeRanger. Ransomware is designed to infect a computer and then put the owner in a bind, locking up files or functionality and essentially bricking the device until the user pays to have the problem neutralized. This particular piece of ransomware brings with it a $400 ransom note.
If a user installed one of the infected versions of Transmission, an executable file embedded within the software would run on the system. At first, there’d be no sign of a problem. But after three days, KeRanger would connect with servers over the anonymous Tor network and begin encrypting certain files on the Mac’s system.
“After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files,” the researchers wrote in their findings. “Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.”
The Palo Alto Networks team notified both Apple and the Transmission Project on March 4. Since then, they say Apple has revoked the security certificate exploited by KeRanger and updated its XProtect antivirus software. Apple declined to comment for this story.
The researchers also note that Transmission has removed the affected versions of the BitTorrent installer from its website.
If you directly downloaded the Transmission installer from the official website on March 4-5, 2016, you may have been infected by KeRanger. Even if you downloaded it elsewhere or at another time, Palo Alto Networks’ security experts advise taking extra precautions. Head to their website to find out how to protect yourself.
Transmission is also recommending that users immediately upgrade to and run the latest version of its software, version 2.92, to ensure KeRanger is “correctly removed” if it is present on a user’s Mac.




