Six Colors
Six Colors

by Jason Snell & Dan Moren

This Week's Sponsor

Kolide ensures only secure devices can access your cloud apps. It's Device Trust for Okta. Watch the demo today!

by Jason Snell

HandBrake downloads compromised by malware

I love the video-encoding software HandBrake, and recommend it wholeheartedly. However, if you downloaded the installation package from Handbrake’s site between May 2 and May 6, you need to check your Mac to see if it installed malware.

(If you’re like me and use the auto-update system inside HandBrake to update the software, you won’t be affected. One of the nice things about the auto-update framework many Mac apps use is that it downloads are cryptographically signed, so if they are altered they can’t be installed.)

In a situation that seems similar to the one that affected the BitTorrent app Transmission a while back, a hacker apparently compromised one of HandBrake’s two download servers and replaced the download package with an altered one containing a trojan.

The problem has been fixed, but if you have a DMG file from earlier this week, you need to launch Activity Monitor and see if a process called Activity_agent is running. That’s the trojan. HandBrake’s blog has instructions for removal, but it means your OS X keychain and browser password stores have been compromised.

Apple has also been informed and macOS file protection definition files are apparently also being update, according to HandBrake’s developers.

—Linked by Jason Snell

Search Six Colors