This article was published on May 8, 2017

    HandBrake reminds all of us that Macs aren’t immune from malware

    Story by Bryan Clark

    Former Managing Editor, TNW

    Bryan is a freelance journalist.

    HandBrake’s developers are warning Mac users about a possible malware infection after downloading the popular video transcoding app. The dev team spotted the issue Saturday, and notes that users who downloaded the app between 14:30 (UTC) on May 2 and 11:00 (UTC) on May 6 have a 50/50 chance of infection.

    The malware is a variant of OSX.PROTON, a remote access tool (RAT) sold on cybercrime forums all over the web. The RAT has the typical feature set of other RAT programs, including keylogging, remote access (including root access), and the ability to grab screenshots, steal files, or execute shell commands.

    To obtain admin privileges, it needs your password, which many unknowing downloaders provided under the guise of downloading additional video codecs.

    Fortunately, it’s relatively easy to spot. Just open macOS Activity Monitor and search for ‘Activity_agent’. If the search term shows up in the process list, you’re infected. To remove it, just open Terminal and run the following commands:

    • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
    • rm -rf ~/Library/RenderFiles/activity_agent.app
    • if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

    And it should go without saying that you should delete HandBrake, only re-installing after completing the steps above.
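A read-only check for the indicators listed above, useful before running the removal commands or when auditing several user accounts. This is an added example, not part of the original article or the HandBrake advisory; the function names `check_proton_artifacts` and `check_proton_process` are hypothetical, and the paths are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: read-only check for the artifacts named in the article.
# Function names are hypothetical; the three paths come from the removal steps.

# Print each artifact found under the given home directory (default: $HOME).
# Returns 0 if at least one artifact is present, 1 if none are.
check_proton_artifacts() {
    home_dir="${1:-$HOME}"
    found=1
    for rel in \
        "Library/LaunchAgents/fr.handbrake.activity_agent.plist" \
        "Library/RenderFiles/activity_agent.app" \
        "Library/VideoFrameworks/proton.zip"
    do
        if [ -e "$home_dir/$rel" ]; then
            printf 'FOUND: %s\n' "$home_dir/$rel"
            found=0
        fi
    done
    return "$found"
}

# Returns 0 if a process named Activity_agent is running
# (the same thing the Activity Monitor search looks for).
check_proton_process() {
    pgrep -i -x activity_agent >/dev/null 2>&1
}

# Report on the current user without changing anything on disk.
result="no indicators found"
if check_proton_artifacts "$HOME"; then
    result="indicators present"
fi
if check_proton_process; then
    echo "FOUND: running Activity_agent process"
    result="indicators present"
fi
echo "Result: $result"
```

Pass another user's home directory as the first argument to `check_proton_artifacts` to check that account's files.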