
HandBrake App Infected with Malware

Developers of the HandBrake DVD-ripping app have issued a warning that attackers inserted malware into copies of the app on one of its download mirror servers. They have shut that server down, but if you downloaded HandBrake between 14:30 UTC 2 May 2017 and 11:00 UTC 6 May 2017, you may have been infected. The HandBrake forum post provides more details on how to see if your Mac is infected and how to remove the infected files if so. If HandBrake’s developers had digitally signed the app with an Apple developer certificate, this particular attack couldn’t have happened. Apple has also updated XProtect to protect against future downloads of files infected with Trojan OSX.Proton.B.


Comments about HandBrake App Infected with Malware

Chris Pepper (TidBITS Staffer)  2017-05-08 14:12
This isn't quite true. They can *generate* as many signatures as they want (MD5, SHA1, SHA-256, etc.), but if people don't verify them on download, they won't notice tampering.
B. Jefferson Le Blanc  2017-05-09 08:54
It's not hard to find and remove this malware, but the advice at the end of the article on the HandBrake web site is the really scary part: "Based on the information we have, you must also change all the passwords that may reside in your OSX KeyChain or any browser password stores." Yikes! That's literally every password on your system and any website that requires password access that your browser has recorded. For many of us it would be a huge task to replace all those passwords. This is a truly malignant exploit. I'm very grateful, therefore, that my system has not been infected.

Unfortunately, the HandBrake site does not include clear links to safe versions of the app. You have to suss it out from the numerous parameters they offer in describing the problem, which is thoughtless of them and inconvenient for us and just adds insult to injury for those who might have been infected. I suspect the developers are still in panic mode and have not noticed the lack of clarity in their notice.

As it happens, I have not launched HandBrake since I downloaded the last update so I'll be tossing it in the trash. And, given the developer's lack of clarity on the subject, I'll wait awhile before downloading another copy.

Maybe Josh can shed some light on the issue.
Josh Centers (TidBITS Staffer)  2017-05-09 10:54
My vague plan is to find an alternative to HandBrake in case they don't fix this mess. But that may be tough, since a lot of DVD ripping apps for the Mac are woefully outdated, and HandBrake has always been the gold standard there.
B. Jefferson Le Blanc  2017-05-10 18:59
It will be a sad day when (and if) we can no longer trust HandBrake. It has been the go-to app for DVD ripping for years now. The question in my mind is whether this is a temporary problem or not. And I don't understand why they cannot offer better clarity on the matter. Perhaps it's the traditional problem that engineers cannot write plainly in English (or any other language for that matter). They simply can't seem to communicate clearly with normal, everyday people, you know, like their users and customers.