Handbrake developers issue Mac security warning after mirror download server hack
The developers of open source video transcoder app Handbrake have issued a security warning to Mac users after a mirror download server hosting the software was hacked.
The alert was issued on Saturday after it was discovered that the original HandBrake-1.0.7.dmg installer file on mirror server download.handbrake.fr had been replaced by a malicious file.
The affected server has been shut down for investigation, but developers are warning that users who downloaded the software from the server between 14:30 UTC May 2 and 11:00 UTC May 6 have a 50/50 chance of their system being infected by a trojan. "If you see a process called 'Activity_agent' in the OS X Activity Monitor application, you are infected," read the alert.
To remove the malware from an infected computer, users need to open up the Terminal application and run the following commands:
- launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
- rm -rf ~/Library/RenderFiles/activity_agent.app
- if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder
Users should then remove any installs of the Handbrake.app they have on their system. As an extra security recommendation, users should also change all the passwords that may reside in their OSX KeyChain or in any browser password stores.
The malware in question is a new variant of OSX.PROTON, a Mac-based remote access trojan that gives the attacker root-access privileges. Apple updated its macOS security software XProtect in February to defend against the original Proton malware. Apple initiated the process to update its XProtect definitions on Saturday and the update should already be rolling out to machines silently and automatically.
Handbrake users should note that the primary download mirror and the Handbrake website were unaffected by the hack. Downloads via the application's built-in updater with 1.0 and later are also unaffected, since these are verified by a DSA Signature and won't install if they don't pass. However, users with Handbrake 0.10.5 and earlier who used the application's built-in updater should check their system, as these versions don't have the verification feature.
For reference, HandBrake.dmg files with the following checksums are infected:
SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793
(from Macrumors.com)