Skip to main content

PSA: If you downloaded Handbrake last week, your Mac may be seriously compromised

If you downloaded the popular video converter Handbrake last week, your Mac may be infected with a nasty trojan. The developer said over the weekend that one of the mirror sites used to download the app was hacked, with the real app replaced by a trojan that gives root access …

Writing on the company’s forum, Handbrake said that the malware was online for five days last week.

Anyone who has downloaded HandBrake on Mac between 02/May/2017 14:30 UTC and 06/May/2017 11:00 UTC [has a] 50/50 chance if you’ve downloaded HandBrake during this period.

The company warned that even after you’ve removed the malware, it’s possible that your KeyChain passwords may have been compromised, and you should change all passwords stored there – which for many people is going to be the vast majority of their passwords.

The company said that you can easily check whether you’re infected by opening Activity Monitor and searching for a process called Activity_agent or checking the checksum used.

For reference, if you’ve installed a HandBrake.dmg with the following checksums, you will also be infected:

SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793

The trojan can then be removed by running the following commands in Terminal:

  • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  • rm -rf ~/Library/RenderFiles/activity_agent.app
  • if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

In Applications, delete HandBrake.app.

Via Gizmodo


FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear