Server for HandBrake hacked, here's what to do if you've been infected


The malicious file was up between 14:30 UTC May 2 and 11:00 UTC May 6

If you downloaded the Mac version of the popular video converter HandBrake last week, your computer may be infected with a trojan. The developers behind the open source app have issued a security warning to Mac users after a mirror download server (download.handbrake.fr) hosting the software was hacked and the HandBrake-1.0.7.dmg file was replaced with an infected one.

The malicious file was up between 14:30 UTC May 2 and 11:00 UTC May 6. “You have 50/50 chance if you've downloaded HandBrake during this period,” the developer warns. The malware in question is a new variant of OSX.PROTON, a Mac-based remote access trojan that gives the attacker root-access privileges, allowing them to perform all kinds of actions, from viewing the screen in real time and recording keystrokes, to uploading your files, downloading additional malware, accessing the webcam, and more.

If you downloaded the video transcoding software during the reported timeframe, the easiest way to confirm if you’re infected is by launching Activity Monitor from Applications/Utilities and looking for a process called “activity_agent”. If it’s there then your system is infected.

Apple updated its macOS security software XProtect in February to defend against the original Proton malware, and began rolling out new definitions over the weekend to detect the new variant as well.

Deleting the infected files manually is also relatively straightforward. All you need to do is open up the “Terminal” application and run the following commands:

launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf ~/Library/RenderFiles/activity_agent.app

HandBrake recommends checking the ~/Library/VideoFrameworks folder for the presence of a file called “proton.zip” and deleting the entire VideoFrameworks directory if found. You should also delete the infected HandBrake.dmg file and reinstall from a clean source.
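The checks described above can be combined into one read-only script. This is an added example, not code from HandBrake or the original article; it looks for the process and the three paths named in the advisory, and the function names and the `--scan` argument are this example's own assumptions.

```shell
#!/bin/sh
# Read-only check for the artifacts named in the HandBrake advisory.
# Function names and the "--scan" argument are assumptions of this example.

# Print every advisory artifact found under the given home directory.
# Returns 1 if at least one was found, 0 if none.
proton_artifacts() {
    home_dir=$1
    found=0
    for rel in \
        "Library/LaunchAgents/fr.handbrake.activity_agent.plist" \
        "Library/RenderFiles/activity_agent.app" \
        "Library/VideoFrameworks/proton.zip"
    do
        if [ -e "$home_dir/$rel" ]; then
            printf '%s\n' "$home_dir/$rel"
            found=1
        fi
    done
    return "$found"
}

# Returns 0 if a process named exactly "activity_agent" is running,
# 2 if pgrep is unavailable and the check cannot be made.
proton_process_running() {
    command -v pgrep >/dev/null 2>&1 || return 2
    pgrep -x activity_agent >/dev/null 2>&1
}

# Scan only when asked to, so the functions can be sourced without side effects.
# Usage: sh check_proton.sh --scan [home-directory]   (defaults to $HOME)
if [ "${1:-}" = "--scan" ]; then
    status=clean
    if proton_process_running; then
        echo "process: activity_agent is running"
        status=infected
    fi
    hits=$(proton_artifacts "${2:-$HOME}") || status=infected
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/artifact: /'
    fi
    echo "result: $status"
fi
```

The script only reports; removal still follows the commands and the VideoFrameworks step given in the article.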

According to HandBrake, the primary download mirror and website are unaffected. We’ve also made sure that TechSpot’s download entry for HandBrake points to a clean file.

While that should take care of the original infection, users should run additional malware detection software in case anything else has already been downloaded to their system, and change all the passwords in their macOS Keychain as well as any passwords they saved in their browsers.


http://www.techspot.com/news/69225-server-handbrake-hacked-here-what-do-if-youve.html