
Website Of Popular Mac Software Hacked To Spread Malware

If you have recently downloaded the popular open source video transcoder app HandBrake on your Mac, there are chances that your computer is infected with a notorious Remote Access Trojan (RAT).

The HandBrake team issued a security alert on Saturday, warning Mac users that one of its mirror servers for downloading the software has been compromised by hackers.

In case you aren't aware, HandBrake is an open source video transcoder app that allows Mac users to convert multimedia files from one format to another.

According to the HandBrake team, an unknown hacker or group of hackers compromised the download mirror server (download.handbrake.fr) and then replaced the Mac version of the HandBrake client (HandBrake-1.0.7.dmg) with a malicious version infected with a new variant of Proton.

Originally discovered in February on a Russian underground hacking forum, Proton is a Mac-based remote access trojan that gives attackers root access privileges to the infected system.

The affected server has been shut down for investigation, but the HandBrake team is warning that anyone who has downloaded HandBrake for Mac from the server between May 2 and May 6, 2017, has a "50/50 chance" of getting their Mac infected by Proton.

How to Check if You're Infected?


The HandBrake team has provided instructions for less technical folks, who can check if they've been infected.

Head on to the OSX Activity Monitor application, and if you see a process called "Activity_agent" there, you are infected with the trojan.

You can also check for hashes to verify if the software you have downloaded is corrupted or malicious. The infected app has the following hashes:
SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793
If you have installed a HandBrake.dmg with the above checksums, you are infected with the trojan.

How to Remove the Proton RAT?


The HandBrake developers have also included removal instructions for Mac users who have been compromised.

Follow these instructions to remove the Proton RAT from your Mac:

Step 1: Open up the "Terminal" application and run the following commands:
launchctl unload /Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf /Library/RenderFiles/activity_agent.app

Step 2: If /Library/VideoFrameworks/ includes proton.zip, remove the folder.

Step 3: Once done, you should remove any installations of Handbrake.app you may find.

However, instead of stopping here, head on to your settings and change all the passwords that are stored in your OS X KeyChain or any browser password stores, as an extra security measure.

Meanwhile, Mac users who have updated to HandBrake version 1.0 or later are not affected by the issue, as it uses DSA signatures to verify the downloaded files, so the malware-tainted version reportedly would not pass the DSA verification process.