Sunday, 28 May 2017

Popular video-encoding Mac app HandBrake compromised with malware


The creators of media transcoding software HandBrake have issued a statement warning that certain downloads of the installer for the Mac version of the app might contain a Trojan virus.

Downloading the app between May 2 (14:30 UTC) and May 6 (11:00 UTC) from the “download.handbrake.fr” mirror means you have a 50-percent chance of being infected with a Trojan. Automatically updated apps (using updater version 1.0 and above), and files downloaded from the primary mirror are unaffected.

Diagnosis

The attacker replaced a regular HandBrake installer file, named ‘HandBrake-1.0.7.dmg’, with a version that also contained a Trojan virus, so checking if you have this file on your system and seeing when it was downloaded is the first step to identifying the threat.

If you have downloaded the installer during the specified time window, you can check if you’ve inadvertently installed the malware by opening your Mac’s Activity Monitor application and seeing if you have a process called “Activity_agent”. If so, you are infected.

If you still have the installer file, you can also check if it has either of the following checksums, which would further confirm that it contains the Trojan.

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274

SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793


For a step-by-step on finding a file’s checksums, check out this how-to.

Removal

Removing the malware is thankfully fairly simple. Open the Terminal by searching for it in the Launchpad and type the following commands (without the bullet point), hitting enter after each line.

  • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  • rm -rf ~/Library/RenderFiles/activity_agent.app
  • if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

Once you’ve finished this, open your Applications folder and remove any instances of Handbrake.app there (or any other locations you might have installed it to).

Because this Trojan targets passwords and sensitive information, if you’ve been infected it’s recommended you change all passwords that are stored in Apple’s macOS KeyChain or any similar password-storing services, such as browser-based password stores. Note that deleting passwords from these services isn’t sufficient — you’ll need to actually change any password that has been stored in one of these locations, as they could have already been sent to the Trojan’s creators.