HandBrake is a particularly popular piece of video transcoding software because it’s cross-platform, open source, and free. However, it was also recently compromised by malware. Users of the software were alerted recently that one of HandBrake’s download mirrors was infiltrated between May 2nd and 6th. Anyone who downloaded the macOS version of HandBrake during that time may have picked up a nasty Trojan.
The maintainers of HandBrake report that one of the two download mirrors it uses was affected, but the main HandBrake website and mirror were not. The affected domain (download.handbrake.fr) has been shut down pending an investigation. Anyone who downloaded the app during that time is advised to do a little detective work to find out if they were infected.
The legitimate installer (HandBrake-1.0.7.dmg) was apparently replaced with another file on May 2nd that contained an Apple Trojan called OSX.PROTON. The SHA1 checksum of that file doesn’t match the publicly available number for HandBrake, so anyone who still has the file can check whether it’s actually malware. Likewise, anyone who installed HandBrake during that time can check the macOS Activity Monitor for “activity_agent.” That’s the process spawned by OSX.PROTON, which allows it to spy on the system.
OSX.PROTON is a remote access Trojan sold frequently on underground Russian malware forums. It’s not cheap, either. The authors of OSX.PROTON reportedly demand as much as 100 Bitcoins (about $163,000) for the software. When installed on a computer, OSX.PROTON can monitor keystrokes, steal files, download new files from URLs, and take screenshots of the machine. It even has genuine Apple code-signing signatures, so no red flags go up during installation. It’s one of the worst-case scenarios when it comes to malware infection. Anyone who might be infected is advised to change their passwords immediately using a different device, then clean the infection from the computer.
HandBrake provides instructions on how to remove OSX.PROTON from an infected computer, but the alert was only posted on HandBrake’s forums. It’s likely many of those infected will never hear about the security breach. One bit of good news is that Apple has pushed an update to XProtect that blocks any future installations of OSX.PROTON.
The HandBrake developers are in the process of revamping their download server to ensure this doesn’t happen again. Downloads might be a little slower while that’s happening, and archived versions of HandBrake won’t be available.