Wrestling Desires - Home of Sports Entertainment Community

    Thread: Website of HandBrake App Hacked to Spread Proton RAT for Mac Users

    1. #1
      Oldschool (Administrator)

      Website of HandBrake App Hacked to Spread Proton RAT for Mac Users

      The website of the HandBrake app has been compromised, and one of its download mirrors modified to host a version of the Proton RAT embedded in the app's Mac client.

      HandBrake is a multi-platform transcoder, an app that helps users convert multimedia files from one format to another.

      According to a security alert posted yesterday on the app's forum, an unknown attacker had compromised one of the website's download mirrors, located at download.handbrake.fr.

      The miscreant(s) replaced the Mac version of the HandBrake client with his own version, which also contained Proton, a Remote Access Trojan for macOS.

      The Proton RAT was first spotted in March when a crook put it up for sale on an underground hacking forum. The RAT can be used to steal data from infected devices, but also to allow attackers to connect via VNC or SSH to infected hosts.

      Download mirror compromised for four days

      According to the HandBrake team, their servers were compromised between May 2, 2017, 14:30 UTC and May 6, 2017, 1:00 UTC. Users who downloaded HandBrake for Mac 1.0.7 are most likely compromised.

      "If you see a process called 'Activity_agent' in the OSX Activity Monitor application. You are infected," HandBrake developers say.

      The SHA256 of the infected HandBrake file is 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793. A VirusTotal scan of this file doesn't list any infection, but this was one of Proton's advertised features, as being "undetectable."

      Users who updated to HandBrake 1.0.7 are safe, as the updater uses DSA signatures to verify the downloaded files. The DSA signature check was introduced in HandBrake 0.10.6, so users who updated from an earlier version should check their systems if they've been compromised.

      Removal instructions

      The HandBrake team provides the following removal instructions:

      Step 1: Open the "Terminal" application and run the following command:
      launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist

      Step 2: Run the following command:
      rm -rf ~/Library/RenderFiles/activity_agent.app

      Step 3: If ~/Library/VideoFrameworks/ contains proton.zip, remove the folder.

      Step 4: Remove any "HandBrake.app" installs you may have.

      "Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores," the app developers also added.

      The HandBrake team has taken the affected download mirror server offline for an investigation. During this time, the team said HandBrake app downloads would run slower.

      Happened before. To the same team.

      The main author of the HandBrake app is also the author of the Transmission BitTorrent client for Mac. In March 2016, an unknown attacker had compromised the download mirror for the Transmission Mac client and replaced the original with a version that contained the KeRanger ransomware.

      A few months later, the same download mirror was compromised again, this time with the Keydnap infostealer.


      credit:
      https://www.bleepingcomputer.com/news/security/website-of-handbrake-app-hacked-to-spread-proton-rat-for-mac-users/






    2. #2
      Sajjad Fazli (VIP)

      Oh my god, oldie. Is this only for Mac, or does it also include Windows?