MacBooks
Handbrake developers issued a warning to Mac users after a mirror download server hosting its software was compromised Justin Sullivan/Getty Images

The developers of popular video transcoder HandBrake have issued a security alert to Mac users after a mirror download server hosting the software was compromised by hackers. HandBrake issued the alert on the app's forum on Saturday (6 May) after hackers replaced its original Mac version with malware.

The team said any Mac users who downloaded its software between 2 May and 6 May this year have a 50/50 chance that their system has been infected by a Trojan. Users can check their "Activity Monitor" as well as checksums to see if their system was affected.

"If you see a process called 'Activity_agent' in the OSX Activity Monitor application. You are infected," the team said, noting that the malicious download is a new variant of OSX.Proton. This remote access trojan (RAT) was first seen in February and gives a malicious actor root access privileges to a victim's system.

According to security expert Graham Cluley, this Mac-based RAT "allows malicious attackers to remotely access infected Mac computers, opening up opportunities for hackers to take screenshots of infected computers, capture credit card details and passwords as they are entered on the keyboard, hijack the webcam, and steal files".

HandBrake advised Mac users to open up their Terminal application and run a few commands before removing any installs of the HandBrake app from their system. Users are also advised to change all passwords stored in any OSX KeyChain or browser password stores.

"We have been informed that the process to update the definitions for OSX's XProtect feature started this morning, so this should start rolling out to machines automatically soon if not already," the team said.

While the affected download mirror server has been shut down for investigation, the primary download mirror and the HandBrake website are unaffected. The team did not name any suspected attackers or mention how the attackers gained access to the download mirror.

"The sad truth, of course, is that Mac users are typically less likely to be running an anti-virus product than their Windows counterparts – making them a soft target for cybercriminals interested in targeting the platform," Cluley wrote. "In recent years take-up of Mac security solutions has risen as the threat has risen – but it still drags compared to Microsoft Windows users."