HandBrake is an especially popular piece of video transcoding software because it’s cross-platform, open source, and free. However, it was also recently compromised by malware. Users of the software were alerted recently that one of HandBrake’s download mirrors was infiltrated between May 2nd and 6th. Anyone who downloaded the macOS version of HandBrake during that time may have picked up a nasty Trojan.

The maintainers of HandBrake report that one of the two download mirrors it uses was affected, but the main HandBrake website and mirror were not. The affected domain (download.handbrake.fr) has been shut down pending an investigation. Anyone who downloaded the app during that time is advised to do a little detective work to find out if they were infected.

The legitimate installer (HandBrake-1.0.7.dmg) was apparently replaced with another file on May 2nd that contained an Apple Trojan called OSX.PROTON. The SHA1 checksum of that file doesn’t match the publicly available value for HandBrake, so anyone who still has the file can check to see if it’s actually malware. Likewise, anyone who installed HandBrake during that time can check the macOS Activity Monitor for “activity_agent.” That’s the process spawned by OSX.PROTON, which allows it to spy on the system.

OSX.PROTON is a remote access Trojan sold frequently on underground Russian malware forums. It’s not cheap, either. The authors of OSX.PROTON reportedly demand as much as 100 Bitcoins (about $163,000) for the software. When installed on a computer, OSX.PROTON can monitor keystrokes, steal files, download new files from URLs, and take screenshots of the machine. It even has genuine Apple code-signing signatures, so no red flags go up during installation. It’s one of the worst-case scenarios when it comes to malware infection. Anyone who might be infected is advised to change their passwords immediately using a different system, then clean the infection from the computer.

Announcing the OSX.PROTON malware, screenshot via SIXGILL.

HandBrake provides instructions on how to remove OSX.PROTON from an infected computer, but the alert was only posted on HandBrake’s forums. It’s likely many of those infected will never hear about the security breach. One bit of good news is that Apple has pushed an update to XProtect that blocks any future installations of OSX.PROTON.

The HandBrake developers are in the process of revamping its download server to ensure this doesn’t happen again. Downloads might be a bit slower while that’s happening, and archived versions of HandBrake won’t be available.