THE DEVELOPERS of Handbrake, an open source video transcoder app, have sounded the alarm bells after discovering that the Mac version of its software had been compromised.
The warning comes in the form of a blog post, where the Handbrake team confirms that its website was compromised and one of its download mirrors modified to host a version of the Proton RAT Trojan.
The team warns that anyone who do downloaded the app between 2 May 2 and 6 May from the "download.handbrake.fr" mirror has a 50 per cent chance of finding some nasty stuff on their Mac.
"The affected server has been shut down for investigation, but developers are warning that users who downloaded the software from the server between 14:30 UTC May 2 and 11:00 UTC May 6 have a 50/50 chance of their system being infected by a Trojan," the blog post reads.
Automatically updated apps and files downloaded from the primary mirror are unaffected.
You can check if you've installed the malware by opening your Mac's Activity Monitor and checking if there's a process called "Activity_agent". If so, it's bad news, and your computer has been affected.
Thankfully, this rat is quite easy to remove, as the Handbrake team has explained:
- launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
- rm -rf ~/Library/RenderFiles/activity_agent.app
- if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder
Once you've done this, the developers also advise that you also remove any "HandBrake.app" installs you may have.
What's more, it's also recommended that those who have been infected change all passwords stories in Apple's macOS Keychain, or similar password-storing service. µ
You can't fault them for speed
Investigation reveals that malicious code was injected into the firm's payment page
Plus the three-for-free
And it's not just on Ubuntu, neither