HandBrake reminds all of us that Macs aren’t immune from malware

HandBrake reminds all of us that Macs aren’t immune from malware

HandBrake’s developers are warning Mac users about a possible malware infection after downloading the popular video transcoding app. The dev team spotted the issue Saturday, and note users who downloaded the app between 14:30 (UTC) on May 2 and 11:00 (UTC) on My 6 have a 50/50 chance of infection.

The malware is a variant of OSX.PROTON, a remote access tool (RAT) sold on cybercrime forums all over the web. The RAT has the typical feature set of other RAT programs, including keylogging, remote access (including root access), the ability to grab screen shots, steal files, or execute shell commands.

To obtain admin privileges, it needs your password, which many unknowing downloaders provided under the guise of downloading additional video codecs.

Fortunately, it’s relatively easy to spot. Just open macOS Activity Montior and search for ‘Activity_agent’. If you see the search term, you’re infected. To remove, just open Terminal and run the following commands:

  • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  • rm -rf ~/Library/RenderFiles/activity_agent.app
  • if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

And it should go without saying that you should delete HandBrake, only re-installing after completing the steps above.

Security Warning on HandBrake

Read next: The SCOTTeVEST is a bonkers 19-pocket hoodie that can hold two iPads and charge your phone