9/28/2023 Handbrake mac os download

Malware: Handbrake’s Server Compromised, Download Installs Complex Trojan

Handbrake, a popular open source video encoder, posted on its forums this weekend saying that their mirror download server was compromised. Anyone who downloaded Handbrake between May 2 and May 6 potentially grabbed a version that was infected with malware. Intego VirusBarrier anti-virus identifies and eradicates this malware as OSX/Proton.B.

Only those who downloaded Handbrake from their mirror server () received the malicious application. It was not distributed on any other websites. It arrives as a .dmg file as expected, and upon opening the file, nothing suspicious can be seen. The user will drag Handbrake to their Applications folder and launch it.

At this point, the application does something unusual, which will immediately stick out to long-time Handbrake users: it asks for administrator privileges. Under the guise of needing to install additional codecs, a malicious payload is installed instead. Once the password is entered, Handbrake will launch and it appears to be business as usual. In the background, however, a backdoor was installed, named “activity_agent.” The backdoor was observed contacting 85.17.25.66, which is the IP address that hosts the Handbrake website. The compromised server could have been used as a Command and Control (C&C) server as well.

The backdoor application activity_agent is placed in Users > *your user* > Library > RenderFiles, and it is kept alive through restarts with a simple LaunchAgent. Keychain data, Safari stored form data, and Safari cookies are collected, compressed and stored on the system for later upload. The activity_agent does not appear to upload or download any data during our testing. Google Chrome, Firefox, Opera and likely other browsers are raided for sensitive information.

Should Mac users be concerned about Proton?

At the time of writing, the malware does not appear capable of uploading the sensitive user data to its server, but we should assume that it did successfully do so in the May 2-6 timeframe. The malicious payload runs on any Mac with OS X 10.7 or newer.
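A defender-side check for the persistence mechanism described above, added here as an example and not code from Intego or the Handbrake project: it parses LaunchAgent plists and flags any whose executable sits under Library/RenderFiles or is named activity_agent, the two indicators the write-up gives. The sample plists, their labels and the "victim" user name are constructed for the demonstration.

```python
import plistlib
import tempfile
from pathlib import Path
# Indicators from the write-up above: the dropped binary's name and its
# directory under the user's Library folder.
SUSPICIOUS_BINARY = "activity_agent"
SUSPICIOUS_DIR = "Library/RenderFiles"

def inspect_launch_agent(plist_path: Path) -> list:
    """Return the reasons one LaunchAgent plist looks like Proton persistence."""
    with plist_path.open("rb") as fh:
        agent = plistlib.load(fh)
    # launchd takes the executable from Program or from ProgramArguments[0].
    executables = [agent.get("Program"), *agent.get("ProgramArguments", [])]
    reasons = []
    for exe in filter(None, executables):
        if SUSPICIOUS_DIR in exe:
            reasons.append(f"executable lives under {SUSPICIOUS_DIR}: {exe}")
        if Path(exe).name.startswith(SUSPICIOUS_BINARY):
            reasons.append(f"executable named like {SUSPICIOUS_BINARY}: {exe}")
    # KeepAlive/RunAtLoad is what keeps the agent alive through restarts.
    if reasons and (agent.get("KeepAlive") or agent.get("RunAtLoad")):
        reasons.append("relaunched by launchd (KeepAlive/RunAtLoad set)")
    return reasons

def hunt_launch_agents(agents_dir: Path) -> dict:
    """Scan every .plist in a LaunchAgents folder; return {filename: reasons} for hits."""
    hits = {}
    for plist_path in sorted(agents_dir.glob("*.plist")):
        if reasons := inspect_launch_agent(plist_path):
            hits[plist_path.name] = reasons
    return hits

def build_sample_agents_dir() -> Path:
    """Constructed sample input (not a real infection): a Proton-shaped plist with placeholder label/user, plus a benign updater."""
    agents_dir = Path(tempfile.mkdtemp())
    samples = {
        "com.example.activity.plist": {"Label": "com.example.activity", "KeepAlive": True,
            "ProgramArguments": ["/Users/victim/Library/RenderFiles/activity_agent"]},
        "com.example.updater.plist": {"Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"]},
    }
    for name, data in samples.items():
        with (agents_dir / name).open("wb") as fh:
            plistlib.dump(data, fh)
    return agents_dir

if __name__ == "__main__":
    # On a live Mac, pass Path.home() / "Library/LaunchAgents" instead of the sample.
    for name, reasons in hunt_launch_agents(build_sample_agents_dir()).items():
        print(name, "->", "; ".join(reasons))
```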