The developers of the open-source video tool Handbrake point out in a warning that one of its download servers has been compromised by hackers. The unknown perpetrators planted a Trojan in the installation package. However, only users of Apple's desktop operating system macOS are affected.
The manipulated version of Handbrake was distributed from May 2nd (16:30). It was available until May 6 (13:00). The Trojan is a new version of OSX.Proton, which gives its operators remote access to infected Macs. The attackers can capture screenshots and keystrokes in real time, install further malware, and access the webcam.
According to the advisory, the likelihood of having downloaded a malware-contaminated version of Handbrake during that period is 50 percent. Affected users should check the SHA1 or SHA256 hash value of their installation file. The values SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274 and SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793 are evidence of an infection with the remote access Trojan. Another indication is a process called "Activity_agent" in the OSX Activity Monitor.
Handbrake provides a guide to removing the Trojan. Affected users must enter two commands in the Terminal, delete a folder and uninstall the Handbrake app. In addition, the developers recommend changing all passwords that are stored in the OSX keychain or in an installed browser, since one must assume a full compromise of the system after an infection with the Trojan.
Apple has now been informed of the incident. Since the weekend, the company has been distributing new definitions for the security function XProtect, designed to prevent infection with the Trojan. In the period in which the Handbrake server offered the Trojan, however, no antivirus program was capable of detecting the malicious software. This is pointed out by the blog Objective-See, which submitted the infected installation file to VirusTotal on Saturday.
The developers emphasize that only the installer "Handbrake-1.0.7.dmg" on the download server "download.handbrake.fr" has been tampered with. Neither the Handbrake website, nor the primary download server, nor the update feature of Handbrake 1.0 or later was affected. However, the Trojan could have been delivered during an automatic update of version 0.10.5 or earlier.