- #Handbrake dvd ripper mac software#
- #Handbrake dvd ripper mac password#
- #Handbrake dvd ripper mac download#
Once the Mac is disinfected, users should change all passwords. To disinfect a Mac, remove the Launch Agent plist file fr.handbrake.activity_ist, and the activity_agent.app file located in ~/Library/RenderFiles/. Anyone who installed the malware should take action as soon as possible. (People can also type "shasum" in the Terminal and then drag the installation file into the Terminal window.) If the sum that's returned is "0935a43ca90c6c419a49e4f8f1d75e68cd70b274," the file is malicious. Readers can check this sum by opening the Mac terminal, typing "shasum /path/to/HandBrake-1.0.7.dmg" where "path/to" is the folder location where the installation file is found. AdvertisementĪnyone who has installed version 1.0.7 should check the SHA1 checksum of the installation file. Another way to detect compromised Macs, according to Cybereason researcher Amit Serper: Proton stores stolen data in a file called proton.zip that's saved in ~/Library/VideoFrameworks. Anyone who has installed HandBrake and sees a process named "activity_agent" in the OSX Activity Monitor is infected.
Versions 1.0 and later weren't susceptible. People who had HandBrake version 0.10.5 or earlier installed on their Mac may also have been infected because those versions didn't use cryptographic signing to verify the authenticity of downloaded updates. Because the other site wasn't compromised, people who downloaded the app from May 2 to May 6 had a 50-50 chance of obtaining the malicious version. HandBrake maintainers said the hacked mirror site was one of two servers used to distribute the app.
#Handbrake dvd ripper mac password#
(Pro tip: never store the master password for your password manager in the keychain, and make sure it’s a unique, strong password!)
Since the user’s password was phished previously, that can be used to unlock the keychains, and either it or other passwords found in the keychain may be able to unlock other encrypted files. These files contain a number of bits of data to be exfiltrated from the machine, such as browser data (including stored form auto-fill data), keychains, and even 1Password vaults. In a blog post published Monday morning, Thomas Reed, director of Mac offerings at antivirus provider Malwarebytes, wrote: Once installed, the malware sent a variety of sensitive user files to the same server.
#Handbrake dvd ripper mac download#
When the malicious download was opened, it directed users to enter their Mac administrator password, which was then uploaded in plain text to a server controlled by the attackers. That's according to researcher Patrick Wardle, who reported results here and here from the VirusTotal file-scanning service. At the time that the malware was being distributed to unsuspecting Mac users, none of the 55 most widely used antivirus services detected it.
#Handbrake dvd ripper mac software#
Over a four-day period ending Saturday, a download mirror located at delivered a version of the DVD ripping and video conversion software that contained a backdoor known as Proton, HandBrake developers warned over the weekend. Hackers compromised a download server for a popular media-encoding software named HandBrake and used it to push stealthy malware that stole victims' password keychains, password vaults, and possibly the master credentials that decrypted them, security researchers said Monday.
0 kommentar(er)
