- HANDBRAKE FOR MAC MOJAVE INSTALL
- HANDBRAKE FOR MAC MOJAVE UPDATE
- HANDBRAKE FOR MAC MOJAVE VERIFICATION
- HANDBRAKE FOR MAC MOJAVE SOFTWARE
HANDBRAKE FOR MAC MOJAVE VERIFICATION
Apple used to offer these checksums on their downloads page, but has since stopped doing so as well.įor websites that do offer these checksums, verification is easy.
HANDBRAKE FOR MAC MOJAVE SOFTWARE
In reality, very few people actually do this, and a lot of websites that distribute software don’t even offer these checksums for you to verify. In Handbrake’s case, they maintain a page that lists all the checksums for available downloads, so anyone can verify the download is compromised. One way to verify if the file you downloaded is the real deal, is by comparing checksums. If this becomes a trend, and even the servers of the trusted source can no longer be trusted, we may very well be in trouble. If a user is not suspicious, they won’t go looking for malware, and malware that goes undetected longer is typically more successful. Going after servers, which are typically not updated or patched as often as they should be, will result in less users downloading your malware, but the fact that it comes from a trusted source will make those users not suspicious at all. As with Transmission, not once but twice, the download server was compromised and the application available for download was replaced with a malicious one. What is worrying, however, is the way the attackers went about this. However, without a server to offload its collected data to, it is currently not a major threat.
HANDBRAKE FOR MAC MOJAVE UPDATE
Unfortunately, even with the latest XProtect update in place, Proton still installed and ran just fine, though some other researchers have reported that XProtect did in fact stop the DMG from being opened. Handbrake notified Apple whom late afternoon added the signature to its XProtect database as. Good advice seeing as all the stored names, passwords, form data, and more, could now be in the hands of the bad guys.
Handbrake offers the following advice in its forum post:īased on the information we have, you must also change all the passwords that may reside in your OSX Ke圜hain or any browser password stores. The malicious payload runs on any Mac with OS X 10.7 or newer.Īt the time of writing, the malware does not appear capable of uploading the sensitive user data to its server, but we should assume that it did successfully do so in the May 2-6 timeframe.
Should Mac users be concerned about Proton? Google Chrome, Firefox, Opera and likely other browsers are raided for sensitive information. The activity_agent does not appear to upload or download any data during our testing. Keychain data, Safari stored form data, and Safari cookies are collected, compressed and stored on the system for later upload. The backdoor application activity_agents is placed in Users > *your user* > Library > RenderFiles, and it is kept alive through restarts with a simple LaunchAgent. The compromised server could have been used as a Command and Control (C&C) server as well. In the background, however, a backdoor was installed, named “activity_agent.” The backdoor was observed contacting 85.17.25.66, which is the IP address that hosts the handbrake website. Once the password is entered, Handbrake will launch and it appears to be business as usual.
HANDBRAKE FOR MAC MOJAVE INSTALL
Under the guise of needing to install additional codecs, a malicious payload is installed instead. The user will drag Handbrake to their Applications folder and launch it.Īt this point, the application does something unusual, which will immediately stick out to long time Handbrake users: It asks for administrator privileges. dmg file as expected, and upon opening the file, nothing suspicious can be seen. It was not distributed on any other websites. Only those that downloaded Handbrake from their mirror server () received the malicious application. Intego VirusBarrier anti-virus identifies and eradicates this malware as OSX/Proton.B. Anyone who downloaded Handbrake between May 2 and May 6 potentially grabbed a version that was infected with malware. Handbrake, a popular open source video encoder, posted on its forums this weekend saying that their mirror download server was compromised. Malware Handbrake’s Server Compromised, Download Installs Complex Trojan
0 kommentar(er)
