Handbrake, an open source video transcoder app has replaced the latest Mac version with a malware, a file-stealing trojan horse after a mirror download server holding the software was hacked. Handbrake is used to copy video from a DVD to computer storage. They have warned some Mac users after they came to know that the original HandBrake-1.0.7.dmg installer file on mirror server download.handbrake.fr had been replaced by a malicious file.
Although the primary download mirror and website were not much affected, the project members still have a check for the infection for those who have downloaded and installed the software on the server between 14:30 UTC May 2 and 11:00 UTC May 6. You have 50/50 percent chances of infection by trojan if you have downloaded the file between this period. According to developers, Handbrake is also made available for users having Windows and Linux but only for those versions who were not affected.
Hackers have replaced this installer file with an infected version that installs a different version of the OSX Proton trojan horse. With the help of OSX, you could get the remote access to the infected systems. This would eventually allow them to steal the files, watch what the user is typing or take the screenshots, says the security researchers.
Apple updated its MacOS security software named as XProtect in February to protect against the original Proton malware. Apple has started updating its XProtect definitions on Saturday and the update will be made available in machine silently and automatically. Users can point out the malware by searching for a process called “Activity_agent” in MacOS’ Activity Monitor or authenticating the checksums of the version of HandBrake they installed.
One of the users wrote, “If you see any doubtful password dialogs, do not enter any of your password.” As Mac users are rarely targeted in comparison with Windows systems, they might be more vulnerable to such kind of attacks and are less likely to be running security software.