

The handlers of the open source HandBrake video transcoder are warning anyone who recently downloaded the Mac version of the software that they’re likely infected with malware. HandBrake warned users on Saturday of a compromise of one of its mirror download servers, and said anyone who grabbed the software between May 2 and May 6 could have also downloaded a variant of the OSX.PROTON Trojan onto their Mac system.

“Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan,” said an advisory. “You have 50/50 chance if you’ve downloaded HandBrake during this period.”

Apple, however, has since pushed out an XProtect signature preventing any new infections. HandBrake, meanwhile, advises its users to also change all passwords in their OSX Keychain or passwords stored in their browsers.

HandBrake is free software that is used to convert video from a variety of formats to a supported codec. There are Windows, Mac and Linux versions. The handlers advise verifying the SHA1 or SHA256 sum of the file before running it. “If you see a process called ‘activity_agent’ in the OSX Activity Monitor application, you are infected,” the advisory said.

Proton is a remote access Trojan, or RAT, sold in Russian underground forums. Researchers at Sixgill published an analysis of the Mac malware, which is used to spy on the victim’s activities; it can monitor keystrokes, upload files to remote machines, download files from the web, steal screenshots and connect directly via SSH or a remote admin tool such as VNC.

“The malware is shipped with genuine Apple code-signing signatures,” the Sixgill report said. “This means the author of Proton RAT somehow got through the rigorous filtration process Apple places on MAC OS developers of third-party software, and obtained genuine certifications for his program.” The price, according to the researchers, is steep at around 100 Bitcoin ($163,600 today).

Patrick Wardle, a Mac security expert, said on the Objective-See blog on Saturday that the Proton variant has zero coverage on VirusTotal by antimalware engines. Wardle said that when the infected HandBrake app runs, it asks via a phony authentication popup for the user’s credentials.
