back to article Russian RATs bite Handbrake OSX download mirror

If you use the popular video transcoder Handbrake on a Mac, the distributors want you to check the download hash after one of their mirrors was compromised. Users who downloaded a trojan-infected version of Handbrake will need to change all their KeyChain passwords (lovely), and any passwords they stored in their browsers. …

  1. jonnycando

    That goodness MAC OS is a UNIX, so users can actually remove this puppy with a a few keystrokes in the terminal command line.

    1. Insane Reindeer

      Yes...

      ...Because in 2017 the vast majority of Apple users know the following things:

      A) The OS on their computers is UNIX based and *not* some "better version of Windows"

      B) What a "terminal command line" is

      C) How to use said terminal command line

      NOT!

      1. Anonymous Coward
        Anonymous Coward

        Re: Yes...

        ...Because in 2017 the vast majority of Apple users know the following things:

        But, as with all other variants of UNIX, they have by default all the right tools installed and can be given a simple HOWTO on how to use them to clean it up. No need to go for a hunt.

        Hit Cmd+spacebar, type "terminal" and hit Enter - away you go.

        1. Anonymous Coward
          Anonymous Coward

          Re: Yes...

          Well, any OS as command line utilities to kill a process and delete a file/folder, even Windows... the fact you don't know them just shows how little you know about Windows, nothing else.

          1. Hans 1

            Re: Yes...

            >Well, any OS [h]as command line utilities to kill a process and delete a file/folder, even Windows ...

            Yes, but the command line tools to delete registry keys are not as straight forward.

            They do have one thing in common, though:

            Windows uninstallers tend to leave heaps of crap in the registry, macos "uninstallers" tend to leave plist's in ~/Library/Preferences

      2. Adam 1

        Re: Yes...

        The sorts of folk mentioned by insane reindeer are not who you want to be running commands starting with rm -rf. Just saying.

        1. Khaptain Silver badge

          Question

          Will a Mac ( OSx) actually allow a user to execute any of the following..... I presume that it "should" but considering the results it might not...

          rm -rf /

          rm -rf .

          rm -rf *

          1. FuzzyWuzzys

            Re: Question

            "Will a Mac ( OSx) actually allow a user to execute any of the following..."

            No, it's bound by the same security as a reasonable Linux distro, you still need to run "sudo xyz" ( then enter password ) to get commands run with higher privs. Slightly better than *right-click*, "Run XYZ as Administrator"...

            1. Khaptain Silver badge

              Re: Question

              "No, it's bound by the same security as a reasonable Linux distro"

              I presume by that you mean BSD and not Linux.... and the fact that it requires "sudo" is just semantics really...

              So in other words, I can see that it can indeed be done..

    2. Jonathan 27

      That argument doesn't make sense because you can do that in just about any modern OS.

      1. Windows, Windows+R type "powershell"

      2. Linux, Terminal shortcut (CTRL+ALT+T in Ubuntu)

      3. ChromeOS has a terminal too, but it's very unlikely it would be affected by an issue like this seeing as it doesn't actually run binary applications.

      then run your commands.

      P.S. Mac OS is based on BSD, which while being POSIX-compatible is not Unix. It's a Unix-compatible clone. Berkeley even got sued over it and won because they didn't use the Unix source code. Heck you could even argue that Mac OS isn't really BSD either because it uses the Mach kernel. The architectural history of Mac OS X is really interesting and can't really be summed up in the statement "based on Unix". If you want to be that direct it's really based on NeXTSTEP, the OS built by Steve's other computer company.

      1. kain preacher

        Um Mac OS is certified as UNIX

  2. Your alien overlord - fear me

    Good to see they put the brakes on this one so quickly !!!!!

    1. Anonymous Coward
      Pint

      Thanks for the smile!

  3. Christian Berger

    It should be noted that...

    no "antivirus" noticed this, and if the download would have been a torrent, there wouldn't have been such a problem, as torrents have cryptographic checksums.

    1. Anonymous Coward
      Anonymous Coward

      Re: It should be noted that...

      if the download would have been a torrent, there wouldn't have been such a problem, as torrents have cryptographic checksums.

      So you reckon someone who is capable of breaking into those servers is not capable of forging a torrent file? Why would they have a problem there?

      BTW, this is again a trojan, so not really a drive by virus.

  4. defiler

    Malware? On a Mac?

    But people keep telling me that Macs don't get these kinds of problems.

    And I keep telling them straight back that writing malware solely for a Mac is like making Bride and Bride wedding cakes. It's a pretty limited market, for the effort you need to put in.

    I suppose it's a sign of Apple's success that people are bothering with malware for them...

    1. Paul_Murphy

      Re: Malware? On a Mac?

      I would say that they are a 'prime market' who have too much money and are more than happy for the inner workings of their iStuff to be hidden from them.

    2. Anonymous Coward
      Anonymous Coward

      Re: Malware? On a Mac?

      Apple's Success?

      Perhaps all the rabid Apple Haters out there are trying to get them put out of business so that all the Fruity loving hipsters will have to find another blingy toy to parade around with?

      Psssttttt I have a load of Note 7's that could do with nice homes....

      Only £400 each.

    3. Anonymous Coward
      Anonymous Coward

      Re: Malware? On a Mac?

      "But people keep telling me that Macs don't get these kinds of problems."

      Sadly those people are idiots and thankfully on the decline. I would suggest you either a) stop spreading that 1990s FUD and/or b) stop being smug and help out by helping to educate your ignorant friends that they need to treat OSX just like Windows, buy decent AV software ( there's plenty out their from the big AV names ) and don't do the usual shite like opening dodgy software or emails, etc.

      The only reason this FUD shite about OSX being holier than thou still persists is because people keep propagating it. Help put a stop to it. I use OSX, Linux and Windows to varying degrees and they're all vulnerable and as a proper dedicated IT professional I don't have a smug attitude that anything is better or worse than anything else, I will gladly help any one on any of the major platforms to look after themselves and stay safe.

    4. JCDenton

      Re: Malware? On a Mac?

      It's limited compared with Windows. According to the President or CEO (iForget) of Kapersky, finding virus writers for Mac OS is difficult because there aren't enough iCriminals who know anything about it.

      But that is changing, probably since Mac OS has so much more success in businesses than ever before. Antivirus software may become a lucrative market for Mac OS in the future.

  5. PaulR79
    Trollface

    *smug grin*

    "the note states. Windows users aren't affected."

    I'm just glad this is actually a thing. How many other WIndows users are happy? HANDS UP!

    Seriously though it made me do one of those short "hah" noises through my nose. I'm stuck in Linux running on a USB key after I broke my laptop's HDD cable retention clip. Feel free to laugh at me.

    1. Martin an gof Silver badge

      Re: *smug grin*

      I broke my laptop's HDD cable retention clip

      Sticky pads?

      M.

      1. PaulR79

        Re: *smug grin*

        @Martin an gof I think the connection itself is broken on the motherboard as no amount of holding that ribbon against it will le it see the drive any longer. I have since tried a replacement cable and that too proved fruitless. I appreciate the idea though.

  6. arthoss

    another problem of "free" software

    put it in the app store and no problem like this would appear. I would pay there too, and I'd prefer it, for safety.

    1. JCDenton

      Re: another problem of "free" software

      This is just as likely to happen to paid software that is not hosted on Apple's appstore. Software fronts like the appstore are not immune also. Just look at the GooglePlay store.

      1. Anonymous Coward
        Anonymous Coward

        Re: another problem of "free" software

        Yes, and no. The entrant "hoops" a dev must jump through to get their app on the App Store are many, and it takes quite a long time for them, so I've heard. Google Play does this to some extent, and their most recent security problem came from apps that self-updated. The App Store had it's problems as well, there was a hacked version of X-Code running about, and that would inject the malware into the app either when uploaded or at build time, my recollection is hazy there this was in 2015 or 2016. Anyway, for the most part the stricter the upload procedure the easier it is to spot malware laden apps and not post them, but then there are the self-modifying apps, and the dev kits from unofficial sources, that must be dealt with. And in the end there is no cure for a user who just chooses to go outside the garden.

        Also, there were viruses on MacOS back in the 1980s. I got some in about 1986-7 on my then new Mac SE. I unwisely choose to copy Crystal Quest from my girlfriend's work computer, and viola, tons of Mac-viri! I got some free cleanup software from my work, haha, and since then I've never contracted any other problems on the computers, nor do I bother to run any MacOS malware protection, other than what the Fruit Farm shoves in their builds and updates. It's all in where you don't go. Boring, vanilla, system yes? Highly clean and trustworthy, natch. Is it Unix? No. Is it BSD? Not really, more like a NextStep Darwin thingy with many unix-like parts on the inside and a pretty candy shell on the outside. The worst non-unixy thing is that there is no auto-mouse-focus when you are in the terminal.app. Otherwise, it gets the job done and serves up the iTunes bits to the other iDevices well enough. Thanks for reminding me to go install Handbrake on it, once they've had it cleaned up for a few days! And I need to see if there is some way to run Kodi on it. Not that I need the 7th player for my media lib, more like "can it do it, or no?" Most of the iDevices it is a no.

        I think that's my new tech-mantra; Does it run Kodi?

        1. arthoss

          Re: another problem of "free" software

          I remember the hacked Xcode. Still, being in an App Store means it can easily be nixed remotely by the store owner.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like