Six Colors

by Jason Snell

HandBrake downloads compromised by malware

I love the video-encoding software HandBrake, and recommend it wholeheartedly. However, if you downloaded the installation package from HandBrake’s site between May 2 and May 6, you need to check your Mac to see if it installed malware.

(If you’re like me and use the auto-update system inside HandBrake to update the software, you won’t be affected. One of the nice things about the auto-update framework many Mac apps use is that its downloads are cryptographically signed, so if they are altered they can’t be installed.)

In a situation that seems similar to the one that affected the BitTorrent app Transmission a while back, a hacker apparently compromised one of HandBrake’s two download servers and replaced the download package with an altered one containing a trojan.

The problem has been fixed, but if you have a DMG file from earlier this week, you need to launch Activity Monitor and see if a process called Activity_agent is running. That’s the trojan. HandBrake’s blog has instructions for removal, but it means your OS X keychain and browser password stores have been compromised.
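The same check can be run from Terminal instead of Activity Monitor. The script below is an added example, not code from HandBrake or from this post: it matches the executable's basename exactly against the process name given above, so a lookalike name or an app whose path merely contains "Activity" is not flagged. The sample `ps` lines, PIDs and paths are constructed for illustration.

```shell
#!/bin/sh
# Process name of the trojan, as given in the post.
TROJAN_NAME="Activity_agent"

# find_trojan_pids: read "PID COMMAND-PATH" lines on stdin (the output
# format of `ps -axo pid=,comm=`) and print the PID of every process whose
# executable basename is exactly $TROJAN_NAME.
find_trojan_pids() {
    # `read` puts the first field in pid and the rest of the line, spaces
    # included, in path, so "Activity Monitor.app/..." stays in one piece.
    while read -r pid path || [ -n "$pid" ]; do
        [ -n "$pid" ] || continue
        base=${path##*/}    # strip everything up to the last slash
        if [ "$base" = "$TROJAN_NAME" ]; then
            printf '%s\n' "$pid"
        fi
    done
}

# Constructed sample of `ps -axo pid=,comm=` output (not a real capture).
sample_ps() {
    cat <<'EOF'
    1 /sbin/launchd
  312 /System/Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor
 4821 /Users/example/Library/Example/Activity_agent
 4903 /Applications/HandBrake.app/Contents/MacOS/HandBrake
 5010 /usr/local/bin/Activity_agent_helper
EOF
}

# scan_live: run the check against the processes on this machine.
scan_live() {
    hits=$(ps -axo pid=,comm= | find_trojan_pids)
    if [ -n "$hits" ]; then
        echo "WARNING: $TROJAN_NAME is running, PID(s): $hits"
        return 1
    fi
    echo "No process named $TROJAN_NAME is running."
}

# Demonstration on the constructed sample; call scan_live for a real check.
sample_ps | find_trojan_pids
```

A clean result only says the process is not running right now; it does not show that the altered DMG was never opened.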

Apple has also been informed, and macOS file protection definition files are apparently being updated as well, according to HandBrake’s developers.

—Linked by Jason Snell
