New Mac malware propagates through popular DVD ripping software

Some Mac users may have fallen victim to a new Mac malware called Proton. Over the weekend, the malware infected unsuspecting users by hitching a ride on a trusted server that hosted downloads for HandBrake, a popular DVD ripper and media encoding program. The malware provides a backdoor for malicious activity, such as stealing stored files.

At the point of propagation, none of the 55 most widely-used antivirus services detected Proton. As of writing, the VirusTotal tracking website showed only 12 services that are capable of picking up on the new malware. Researcher Patrick Wardle has plenty of other Proton details listed on his blog.

According to Ars Technica, the folks maintaining the HandBrake download mirrors said that one of their two servers was compromised by the malware.

While this will likely not impact a tremendous amount of HardOCP readers, it is worth noting that if you have recently downloaded and installed HandBrake for Mac directly from the HandBrake site, you might be at risk of having been infected with malware. There is a 50% chance for a Mac user who downloaded HandBrake between 2nd May and 6th May 2017 to be infected with Proton. The HandBrake Trojan targets passwords stored in the keychain and in browser-based password managers, such as the one in Safari.

To check for the malware on your Mac, you can do a simple checksum verification by going to the Mac Terminal and typing in the following:

"path/to" refers to your HandBrake installation location/filename. Alternatively, you can type "shasum" within Terminal and drag the file to the Terminal window.

Remove the malware as soon as possible. To disinfect the Mac, you can remove the following Launch Agent plist file:

Also remove the following file from your ~/Library/RenderFiles/ location:

Then proceed to nuke (reset) your Mac and change all passwords. By scanning your Mac regularly, you'll be secure in the knowledge that your Mac is free from malware.

According to Ars Technica, Proton is a general-purpose backdoor malware that's on sale on the Dark Web for as much as US$63,000. It offers keylogging, remote access, stealing of files, and the ability to take and upload webcam or screenshot video and images. Last year, a popular torrenting app (Transmission) was also hacked to spread one of the first known Mac-targeting ransomware. In both instances, Eric Petit was the original developer of the legitimate HandBrake and Transmission apps. In order to obtain admin privileges, the malicious HandBrake installer asked victims for their password under the guise of installing additional video codecs, Wardle said.

The Trojan software installs itself as a program called activity_agent.app and sets up a Launch Agent called fr.handbrake.activity_ist to start it every time the user logs in. The HandBrake forum announcement contains manual removal instructions and advises users who find the malware on their Macs to change all of the passwords stored in their macOS keychains or browsers.

This is just the latest in a growing string of attacks over the past few years in which attackers compromised software update or distribution mechanisms. Last week Microsoft warned of a software supply chain attack in which a group of hackers compromised the software update infrastructure of an unnamed editing tool and used it to distribute malware to select victims: mainly organizations from the financial and payment processing industries. "This generic technique of targeting self-updating software and their infrastructure has played a part in a series of high-profile attacks, such as unrelated incidents targeting Altair Technologies' EvLog update process, the auto-update mechanism for South Korean software SimDisk, and the update server used by ESTsoft's ALZip compression application," the Microsoft researchers said in a blog post.

This is not the first time Mac users have been targeted through such attacks either. The macOS version of the popular Transmission BitTorrent client distributed from the project's official website was found to contain malware on two separate occasions last year. One way to compromise software distribution servers is to steal login credentials from developers or other users who maintain the server infrastructure for software projects. Therefore, it came as no surprise when earlier this year security researchers detected a sophisticated spear-phishing attack targeting open source developers present on GitHub. The targeted emails distributed an information-stealing program called Dimnie.

Click the 'Source' button and choose 'Open File' from the dropdown choices. Browse your file system to where the troublesome file is located, select it, and click 'Open.' Now you see the file we're converting listed under the Source heading. For this operation, we're making no adjustments to anything in the Output Settings.