HandBrake DVD Ripper Trojan

If you installed the popular Mac DVD ripper and video converter Handbrake early last month, your machine might be at risk from a backdoor trojan known as Proton.

Hackers were able to compromise a download server for HandBrake, a widely used open-source program that is used to rip DVDs and convert video files, and hide malware within it. The team at HandBrake posted a security warning that users who downloaded the application between 2nd May and 6th May should scan their machines for the Proton malware.

Only one of the download mirrors was infected, which was hosted on their French server, so anyone who downloaded the program during the period has a 50% chance of having downloaded the malicious version of the file. Users who upgraded the software through the program’s interface, rather than downloading the file and installing it from scratch, won’t be affected, as the updates are stored on a different server.

Proton is a remote access tool, or RAT, which has been sold on cybercrime websites and forums since early 2017. It has all the features that are typically found in such programs, including keylogging, remote access via SSH or VNC, and the ability to execute shell commands as root, grab webcam and desktop screen shots, steal files and more. It tricks users into entering their password by displaying a dialogue box asking for permission to install necessary codecs.

Anyone who might be infected is advised to change their passwords immediately using a different device, then clear the infection from the computer.