HandBrake reminds all of us that Macs aren’t immune from malware

HandBrake’s developers are warning Mac users about a possible malware infection after downloading the popular video transcoding app. The dev team spotted the issue Saturday, and note users who downloaded the app between 14:30 (UTC) on May 2 and 11:00 (UTC) on My 6 have a 50/50 chance of infection.

The malware is a variant of OSX.PROTON, a remote access tool (RAT) sold on cybercrime forums all over the web. The RAT has the typical feature set of other RAT programs, including keylogging, remote access (including root access), the ability to grab screen shots, steal files, or execute shell commands.

Ever been to a tech festival?

TNW Conference won best European Event 2016 for our festival vibe. See what’s in store for 2017.

To obtain admin privileges, it needs your password, which many unknowing downloaders provided under the guise of downloading additional video codecs.

Fortunately, it’s relatively easy to spot. Just open macOS Activity Montior and search for ‘Activity_agent’. If you see the search term, you’re infected. To remove, just open Terminal and run the following commands:

  • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  • rm -rf ~/Library/RenderFiles/activity_agent.app
  • if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

And it should go without saying that you should delete HandBrake, only re-installing after completing the steps above.


Security Warning
on HandBrake