HandBrake, a popular media encoding application, was compromised by hackers who infected its download server and used it to push malware that stole victims’ passwords, including those held in password vaults together with the credentials used to decrypt them.
According to the developers of the software, anyone who downloaded it between May 2 and May 6 has a 50/50 chance of having their system infected by a Trojan.
Downloads made between these dates contain the Proton malware, which creates a backdoor on infected PCs; at the time, none of the major anti-virus products could detect it.
The infected copy of the software asks for the user’s admin ID and password, which, once entered, are available to the attackers on their servers. The malware also sends several sensitive user files to the hacker’s server.
“These files contain a number of bits of data to be exfiltrated from the machine, such as browser data (including stored form auto-fill data), keychains, and even 1Password vaults,” Thomas Reed, Security Researcher at Malwarebytes, noted.
If the SHA1 hash matches the one mentioned above, then you need to trash the .dmg file and any other HandBrake app files and scan your PC for the OSX.Proton malware.
It’s also a good idea to change the passwords stored in your browsers or password vaults after removing the files, scanning and rebooting your system.