Handbrake for Mac just had a brief but serious malware problem

The open source video transcoder program Handbrake, and more specifically its Mac version, had a serious security flaw last week. Although it has now been fixed, anyone who downloaded and installed the software between May 2 and May 6 should look to verify that their system is not infected with a nasty trojan.

Although Apple’s ’00s-era marketing suggested that its platform was essentially virus free, that’s not really the case today. Handbrake is the latest example, though it does seem that the developers responded quickly and have since cleared up the issue. They’ve also corresponded with Apple to ensure that OS X’s XProtect feature is aware of the malware and will keep its automated eyes open for it.

The trojan sneaked into the legitimate version of Handbrake through an infected download mirror server. From there it attached itself to Handbrake 1.0.7 and was downloaded by a number of users. According to the Handbrake team, around 50 percent of users who downloaded the software between May 2 and May 6 were routed to the infected server.

With that in mind, Apple is now urging all those who did download the software during that period to perform some checks to see if they have been affected. The first step is to look out for the process “Activity_agent.” If it’s found to be running, then your system is infected. Another way is to compare your download’s checksum hash with the one listed on the official forum post.

If it turns out you are infected with the trojan, there are a few steps to take to remove it. They involve running terminal commands, followed by the removal of any HandBrake.app installs you have. You can find the full list of commands on the Handbrake forum linked above.

Unfortunately, though, you shouldn’t stop there. Once you have confirmed removal of the malware, you need to change your passwords. One of the tasks that the trojan performs is password theft, so any passwords you may have used since you installed Handbrake should be changed, as well as any that reside in your OS X Keychain and any stored in the browser.

It might be a pain in the neck, but it’s an important step to mitigate any damage that the Proton-inspired malware might do.

Jon Martindale