Handbrake video transcoder developers issue Mac security warning


Mac users, take note. The developers of popular open source video transcoder app Handbrake have issued a security warning after one of their mirror download servers was hacked.

An alert was issued on Saturday after the developers discovered that the original Handbrake-1.0.7 dmg installer on the download.handbrake.fr mirror server was replaced by a malicious file. The affected server has been shut down for investigation.

Do note that if you’ve downloaded the app between 14:30 UTC, 2 May and 11:00 UTC, 6 May, there’s a 50% chance that it may be infected by a Trojan. The alert sent out on Saturday warns that if you see a process called “Activity_agent” in the OSX Activity Monitor, then you’re infected.

If you’re infected, here’s how you remove it. You’ll need to fire up Terminal and follow the commands below:

  • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  • rm -rf ~/Library/RenderFiles/activity_agent.app
  • if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

For reference, if you’ve installed a HandBrake.dmg with the following checksums, you will also be infected:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

You should remove any Handbrake.app installs from your computer. If you have a utility like CleanMyMac, even better.

Just as a precaution, change all the passwords that may be stored in your OSX KeyChain or in your browsers.

As a primer, the malware is a new variant of OSX.PROTON – a Mac-based remote access Trojan. It gives the attacker root-access privileges.

In February, Apple updated its built-in security software XProtect to defend against the original Proton. Apple is said to have updated the XProtect definitions, and they should already be seeded to devices automatically.


According to Handbrake, the Download Mirror Server is undergoing a complete rebuild from scratch, so downloads may be slower than usual.

Source: Handbrake via Macrumors
