Handbrake Malware Attack Captures Source Code
Panic, Inc. is a software development company that makes a suite of apps for the Apple OS X platform. In May, a mirror download server was compromised, which allowed the legitimate version of the Mac transcoder app Handbrake to be replaced by an infected version. The OSX.PROTON trojan infecting the app allowed hackers to gain remote access to the subsequently infected computer at Panic, Inc. This enabled them to steal the source code to Panic's library of apps.
The hackers subsequently issued a ransom demand to Panic, Inc., which Panic is not paying. According to Panic's internal audit, no customer records were obtained in the attack and the source code was the only loss.
Panic has issued a statement advising Mac users to only download their apps from the Mac App Store or the company’s website to avoid installing compromised versions that may be released in the future.
The library of apps includes Firewatch, an adventure game; Coda, a web editor; the FTP app Transmit; and the SSH client Prompt. Both Apple and the FBI are actively involved in tracking the source of the attack and monitoring the App Store for signs of infected versions being offered. Panic asks anyone encountering compromised versions of their apps to contact them immediately with details.