Six Colors

by Jason Snell & Dan Moren

Linked by Jason Snell

HandBrake downloads compromised by malware

I love the video-encoding software HandBrake, and recommend it wholeheartedly. However, if you downloaded the installation package from HandBrake’s site between May 2 and May 6, you need to check your Mac to see if it installed malware.

(If you’re like me and use the auto-update system inside HandBrake to update the software, you won’t be affected. One of the nice things about the auto-update framework many Mac apps use is that its downloads are cryptographically signed, so if they are altered they can’t be installed.)

In a situation that seems similar to the one that affected the BitTorrent app Transmission a while back, a hacker apparently compromised one of HandBrake’s two download servers and replaced the download package with an altered one containing a trojan.

The problem has been fixed, but if you have a DMG file from earlier this week, you need to launch Activity Monitor and see if a process called Activity_agent is running. That’s the trojan. HandBrake’s blog has instructions for removal, but it means your OS X keychain and browser password stores have been compromised.
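The same process check can be run from Terminal. This is an added example, not from HandBrake or this post: it matches the executable name exactly rather than by substring, and the sample process list with its paths is constructed for illustration.

```shell
#!/bin/sh
# Report PIDs whose executable is named exactly Activity_agent.
# Input format: one process per line, "PID COMMAND", as printed by
#   ps -axo pid=,comm=
# COMMAND may be a full path and may contain spaces.

TROJAN_NAME="Activity_agent"   # process name given in the article

# find_agent_pids: reads "PID COMMAND" lines on stdin, prints matching PIDs.
find_agent_pids() {
    while read -r pid cmd; do
        [ -n "$pid" ] || continue
        # Compare the basename only, so "Activity Monitor" or a longer
        # name that merely contains the string does not match.
        if [ "${cmd##*/}" = "$TROJAN_NAME" ]; then
            printf '%s\n' "$pid"
        fi
    done
}

# check_live: scan the real process table; returns 0 only if a match exists.
check_live() {
    pids=$(ps -axo pid=,comm= | find_agent_pids)
    [ -n "$pids" ] && printf 'Activity_agent running, PID(s): %s\n' "$pids"
}

# Constructed sample process list (PIDs and paths are made up).
SAMPLE='  101 /sbin/launchd
  412 /Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor
  733 /Users/example/constructed/Activity_agent
  801 /usr/local/bin/Activity_agent_helper'

# sample_result: run the matcher over the constructed list.
sample_result() {
    printf '%s\n' "$SAMPLE" | find_agent_pids
}

check_live || echo "No Activity_agent process found"
```

A clean result only says the process is not running right now; it does not replace the removal steps on HandBrake’s blog.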

Apple has also been informed, and macOS file protection definition files are apparently being updated, according to HandBrake’s developers.