Video transcoding app HandBrake has been hit by a group of cyber criminals who sabotaged the download section of the site.
It's a tough time for Mac users. Apple's home devices have suffered several hacker attacks in recent times. Recently, a new trojan spreading in Europe was discovered, the first of its kind in how it acts. And now one of the most popular apps has ended up at risk.
The app in question is HandBrake, one of the most widely used programs on Macs for transcoding videos. The app's developers have released a statement warning users. Apparently the download section of their site has been targeted by hackers who are using it to launch a whole series of cyber attacks. The developers said that anyone who downloaded the software between May 2 and May 6 has a 50% chance of being infected with the virus. In any case, the company advised anyone who has recently installed the software to perform a security check.
How the attack happens
The attack was carried out in a very simple way. In the download section of the site, the original file, listed as download.handbrake.fr (HandBrake-1.0.7.dmg), was replaced with malicious code. Apparently, the malware is a variant of the famous, and feared, OSX.PROTON. In February, Apple released a security patch to counter this malware, which grants hackers various access privileges. Apparently, however, cyber criminals have made a new version of the malware. Apple has stated that it will soon release a new security update to remove this risk as well. In the meantime, let's see how to defend ourselves manually.
How to defend yourself
Detecting the malware is very easy. If we notice a process named "Activity_agent" in the OSX Activity Monitor application, it means that our Mac has been infected. We have also been infected if we have installed a HandBrake.dmg file with one of these checksums:
SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793
To remove the malware, we open the terminal on our Mac and type the following commands:
launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf ~/Library/RenderFiles/activity_agent.app
If ~/Library/VideoFrameworks/ contains proton.zipper, remove the folder.
At this point we remove any "HandBrake.app" we find installed and we're done. If you have suffered this attack, it is important to change all passwords saved on your computer and browser immediately.
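The checks described above can be gathered into one shell function. This is an added example, not code from the HandBrake developers or Apple; the function names check_handbrake_iocs and file_digest are hypothetical, while the paths, process name and checksums are the ones given on this page.

```shell
# Added example: reports the HandBrake/Proton indicators listed in this article.
# Usage: check_handbrake_iocs "$HOME" [path/to/HandBrake.dmg]
BAD_SHA1="0935a43ca90c6c419a49e4f8f1d75e68cd70b274"
BAD_SHA256="013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793"

# Print the hex digest of a file; $1 = 1 or 256, $2 = file.
file_digest() {
    if command -v shasum >/dev/null 2>&1; then
        shasum -a "$1" "$2" | awk '{print $1}'
    else
        "sha${1}sum" "$2" | awk '{print $1}'   # GNU coreutils fallback
    fi
}

# Print one line per indicator found; exit status is 1 if any was found.
check_handbrake_iocs() {
    home_dir=$1; dmg=${2:-}; hits=0
    # Persistence and payload paths named in the removal steps.
    for ioc in \
        "$home_dir/Library/LaunchAgents/fr.handbrake.activity_agent.plist" \
        "$home_dir/Library/RenderFiles/activity_agent.app" \
        "$home_dir/Library/VideoFrameworks/proton.zipper"
    do
        if [ -e "$ioc" ]; then
            echo "FOUND: $ioc"
            hits=$((hits + 1))
        fi
    done
    # Running process, spelled as the article gives it for Activity Monitor.
    if command -v pgrep >/dev/null 2>&1 && pgrep -x "Activity_agent" >/dev/null 2>&1; then
        echo "FOUND: running process Activity_agent"
        hits=$((hits + 1))
    fi
    # Optional: compare a downloaded image against the published bad checksums.
    if [ -n "$dmg" ] && [ -f "$dmg" ]; then
        if [ "$(file_digest 1 "$dmg")" = "$BAD_SHA1" ] ||
           [ "$(file_digest 256 "$dmg")" = "$BAD_SHA256" ]; then
            echo "FOUND: $dmg matches a published malicious checksum"
            hits=$((hits + 1))
        fi
    fi
    [ "$hits" -eq 0 ]
}
```

A clean result only means none of these specific indicators is present; it says nothing about other variants of the malware.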