HandBrake is one of the most renowned independent Mac software. It allows the conversion of video files to virtually any available format, and if the hardware you are working on is powerful enough, it’s a pretty quick conversion. Between May 2nd and May 6th, hackers compromised one of the software’s download servers, replacing the original file with one containing malware. Finding this malware on your Mac is quite simple, and even eradicating it: but you’d better change all – and we do mean all – the passwords you have because the malware has probably read and stolen all the passwords contained in your browser or the system keychain.
If you have updated HandBrake through the app installer, though, there are no problems.
How to remove the infected HandBrake version
- Open Activity Monitor.
- If you see a process called “Activity_agent”, you have been infected with malware. If you do not see it, all’s good on Earth.
- This malware is a variant of OSX.PROTON: To remove it, launch the Terminal and enter these commands:
- If you find a file called proton.zip in the ~ / Library / VideoFrameworks folder, delete it.
- For safety, also delete HandBrake, and download it again.
- Change all your passwords. All.
launchctl unload ~ / Library / LaunchAgents / fr.handbrake.activity_agent.plist
rm -rf ~ / Library / RenderFiles / activity_agent.app
How to protect yourself from viruses on Mac
You can’t. It’s like on Windows: If you accept suspected attachments that arrive by email, or visit barely legal sites, the risk exists. macOS offers more protection, by default, than Windows. Check your Mac with an antivirus, and be alert.