Mac App developers Issued Urgent Malware Warning


Mac security has been going through a difficult period following Check Point's warning to users about a first-of-its-kind Trojan spreading in Europe. The latest malicious software has been found in one of the most important video transcoding apps for Mac.

The developers of HandBrake issued a warning stating that one of the mirror sites used to download the software has been compromised. The warning applies only to users who downloaded the software between 2nd and 6th May, who have the greatest chance of being infected.

On the mirror server download.handbrake.fr, the installer file (HandBrake-1.0.7.dmg) was replaced by a malicious file, which gives the attacker root access privileges to the system. The malware is a form of OSX.PROTON. In February, Apple issued an update to XProtect to account for the original Proton. The latest version should download automatically for most users.

The process for detecting and removing the malware is as follows:

Detection:-

Your device is infected if you see a process called “Activity_agent” in the OSX Activity Monitor application. You are also infected if you have installed a HandBrake.dmg with either of the following checksums:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274

SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

The Trojan in question is a new variant of OSX.PROTON.

Removal:-

Open up the “Terminal” application and run the following commands:

launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist

rm -rf ~/Library/RenderFiles/activity_agent.app

If ~/Library/VideoFrameworks/ contains proton.zip, remove the folder.

Then remove any “HandBrake.app” installs you may have.

HandBrake users should be careful, although the primary mirror site and the automatic updater in versions 1.0 or later have not been affected. As a safety measure, users are advised to change all passwords stored in any OSX or browser keychains.
