![]() ![]() ![]() ![]() Be sure to only download Panic’s software from a trusted source. Panic warned that its code may be repackaged into fake or infected copies of its software. The founder of Panic, a Mac software company known for its Coda and Transmit software (and unrelated to HandBrake), expressed concern that the source code of Panic software was allegedly stolen as a result of having installed the infected version of HandBrake on his Mac. Panic Source Code Compromised After HandBrake Hack Users who fell victim were encouraged by HandBrake’s developer to change all passwords in their macOS keychain and any saved browser passwords.įor details, see Handbrake’s Server Compromised, Download Installs Complex Trojan. The compromised version of HandBrake put up an unusual dialog box, claiming, “HandBrake needs to install additional codecs,” and prompted the user for their administrator username and password. The download server of popular video transcoding software HandBrake was compromised in early May, causing many who downloaded the software to inadvertently infect their Macs. New Mac Malware OSX/Proton.B Distributed Via HandBrake Download Server The second variant (OSX/Dok.B) is a full-fledged remote access Trojan (RAT) that attempts to steal keychains, iOS backups, iMessage chat history, and more from your Mac.įor more details, see OSX/Dok Can Read Encrypted Web Traffic, Open a Backdoor.Īlthough Apple updated its XProtect signatures and revoked the Apple Developer ID used to sign the first variant, CheckPoint noted that the attackers already began using a new Developer ID and began to further obfuscate their code to try to avoid detection. In Bus圜al or Bus圜ontacts, select Bus圜al or Bus圜ontacts > Preferences > Acccounts, select your iCloud account in the left sidebar, then enter the new app-specific password in the Password field.The first variant (OSX/Dok.A) disguises itself as an old version of the macOS Preview app and the Mac App Store, tricking users into typing their password, which then allows the malware to install a malicious SSL/TLS certificate and a TOR proxy to intercept all Web traffic, including sites that would normally be (and may still appear to be) secure.
0 Comments
Leave a Reply. |