Mac HandBreak downloads infected by Trojan

macOS version of HandBrake, an open-source video transcoding software that converts multimedia files into various formats, was recently infected with a Trojan. According to HandBreak’s announcement, if you downloaded the app between May 2 (14:30 UTC) and May 6 (11:00 UTC), there’s a 50% chance that your system got infected. Read on to find out more.

How to know if your device was infected

HandBrake can be downloaded from its official website and via mirror sites, or sites that provide the same content as the primary site. Infected downloads came from the mirror site, download.handbrake.fr, where the installer file (HandBrake-1.0.7.dmg) was swapped with a Trojan file, OSX.PROTON. This malicious file managed to trick Apple’s security approval system into deeming it as safe and legitimate.

One way to find out whether you’ve downloaded the Trojan is to look for an “activity_agent” process in the macOS by accessing the Activity Monitor application. Another way is by checking whether the installer file’s checksums match HandBreak’s public codes. You can do this by comparing your downloaded file’s codes with the ones found on HandBreak’s checksums page. If they don’t match, that means you’ve downloaded an infected installer file. This all might sound like a lot of tech gobbledygook, but these checks are essential to knowing whether or not your system has been infected.

The damage

The OSX.PROTON is considered one of the nastiest Trojans today because it can spy on computers from a remote location. It can monitor your activities, upload malicious files on your computer, steal your password and confidential information by detecting keystrokes or taking screenshots, and take over your entire system by hacking your admin settings.

Downloading an innocuous video transcoding application is not typically considered dangerous. However, downloading apps from unofficial sources definitely poses considerable risks. In such a scenario, a backed up data can save your malware-infected computer.

Precautionary measures

Fortunately, Apple has taken steps to block further infections by releasing an update. If your system has been infected, however, it’s not too late. Follow HandBreak’s suggested steps in removing infected files to mitigate any damage. You should also take additional security measures such as changing passwords from a different device. Better yet, get professional help from IT security experts.

Every time you download an app from an unauthorized source, know that there are risks. If you’re a Mac user, download apps only from the Apple Store; and for Android users, only from the Google Play Store. And to gauge the safety of the apps you want to download, it always helps to read their reviews beforehand.

The HandBreak macOS malware is just one of many that are attacking vulnerable systems. With the help of our network security experts, you can thwart cyber attackers’ attempts to steal your sensitive data, hold your files for ransom, or spy on your online activities. Call us now so we can recommend suitable protections.