I love the video-encoding software HandBrake, and recommend it wholeheartedly. However, if you downloaded the installation package from Handbrake’s site between May 2 and May 6, you need to check your Mac to see if it installed malware.
(If you’re like me and use the auto-update system inside HandBrake to update the software, you won’t be affected. One of the nice things about the auto-update framework many Mac apps use is that it downloads are cryptographically signed, so if they are altered they can’t be installed.)
In a situation that seems similar to the one that affected the BitTorrent app Transmission a while back, a hacker apparently compromised one of HandBrake’s two download servers and replaced the download package with an altered one containing a trojan.
The problem has been fixed, but if you have a DMG file from earlier this week, you need to launch Activity Monitor and see if a process called
Activity_agent is running. That’s the trojan. HandBrake’s blog has instructions for removal, but it means your OS X keychain and browser password stores have been compromised.
Apple has also been informed and macOS file protection definition files are apparently also being update, according to HandBrake’s developers.
—Linked by Jason Snell