Alert Mac Users; Handbrake Mirror download Server Hacked with Malware

If you are using the famous file-transcoding app “Handbrake,” there is a bad news: The download server of the app was hacked according to the reports. If you installed the software between 14:30 UTC May 2 and 11:00 UTC May 6, there is a pretty good chance that you may have been affected too.

Currently, the server of the software is displaying a sign:

  • “If you see a process called ‘Activity_agent’ in the OS X Activity Monitor application, you are infected – Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan.”

As per the security warning from HandBrake, the malware inserted by the hackers is a new variant of previously know “OSX.PROTON”, which allowed hackers to have remote access to the affected device.

It must be noted that in Febuarary this year HackRead exclusively reported on OSX.PROTON malware being sold on the dark web for 40 BTC. The report was based on the findings of SixGill, a cyber-intelligence company.

Mac OS’s security is pretty tight with hacker having a very little window of opportunity to show off, but it looks like hackers are keeping up the pace with security team of Mac OS.

Presently it is unclear as to what the malware can be used for. However, just like any other malware, experts believe that this malware can be used by the hacker to spy on the infected device, steal their data and even worse, hijack the webcam and the mic of the device.

We will strongly recommend running the following commands on the terminal of the application if you think you might be the one affected too.

* launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist

* rm -rf ~/Library/RenderFiles/activity_agent.app

* if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder

In fact, users are advised to uninstall the app from their devices too, just to be sure.

Fortunately, the Apple has been made aware of this scenario, and they have taken the necessary steps to cope with this issue too. Apple authorities are working on updating the XProtect definitions to fight against the malware, and it is believed that the updates will be publicly available very soon.

The above scenario is an example of what the hackers are capable of, and even though Apple’s devices have very strict security protocols, they are still vulnerable. Using a good anti-virus is highly recommended to make sure that you aren’t victimized.


DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Jahanzaib Hassan