12/31/2023 0 Comments Handbrake software malwareMeanwhile, Mac users who have updated to HandBrake version 1.0 or later are not affected by the issue, as it uses DSA signatures to verify the downloaded files, so malware-tainted version reportedly would not pass the DSA verification process. However, instead of stopping here head on to your settings and change all the passwords that are stored in your OS X Ke圜hain or any browser password stores, as an extra security measure. Step 3: once done, you should remove any installations of Handbrake.app you may find. The website of the HandBrake app has been compromised, and one of its download mirrors modified to host a version of the Proton RAT embedded in the apps Mac client. Step 2: If ~/Library/VideoFrameworks/ includes proton.zip, remove the folder. Rm -rf ~/Library/RenderFiles/activity_agent.app Launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_ist Step 1: Open up the "Terminal" application and run the following command: The HandBrake developers have also included removal instructions for Mac users who have been compromised.įollow the following instructions to remove the Proton Rat from your Mac: If you have installed a HandBrake.dmg with the above checksums, you are infected with the trojan. Free Download Compatible with Windows 11/10/8.1/8/7/Vista/. The infected app is signed with the following hashes: You can also check for hashes to verify if the software you have downloaded is corrupted or malicious. Head on to the OSX Activity Monitor application, and if you see a process called "Activity_agent" there, you are infected with the trojan. The HandBrake team has provided instructions for less technical folks, who can check if they've been infected. The affected server has been shut down for investigation, but the HandBrake team is warning that anyone who has downloaded HandBrake for Mac from the server between May 2 and May 6, 2017, has a "50/50 chance" of getting their Mac infected by Proton. Originally discovered in February on a Russian underground hacking forum, Proton is a Mac-based remote access trojan that gives attackers root access privileges to the infected system. In case you aren't aware, HandBrake is an open source video transcoder app that allows Mac users to convert multimedia files from one format to another.Īccording to the HandBrake team, an unknown hacker or group of hackers compromised the download mirror server () and then replaced the Mac version of the HandBrake client (HandBrake-1.0.7.dmg) with a malicious version infected with a new variant of Proton. The HandBrake team issued a security alert on Saturday, warning Mac users that one of its mirror servers to download the software has been compromised by hackers. If you have recently downloaded the popular open source video transcoder app HandBrake on your Mac, there are chances that your computer is infected with a notorious Remote Access Trojan (RAT). The same group that breached IT software company SolarWinds last year has hacked cybersecurity firm Malwarebytes, adding to the growing list of major security firms targeted by the group.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |