HandBrake Download Server Compromised with Mac Malware

Between May 2 and May 6, 2017, one of the two download servers hosting the macOS version of HandBrake, a video conversion application, was compromised and the legitimate HandBrake software file was replaced with a malicious version containing the Proton remote access trojan (RAT). If installed, Proton creates a backdoor into the infected system, allowing remote actors to monitor keystrokes, steal passwords and other data, and conduct webcam surveillance. The NJCCIC recommends anyone who downloaded HandBrake for the macOS platform between May 2 and May 7 review the HandBrake Security Warning and follow the instructions provided to verify the SHA1/256 checksum of the downloaded application file and scan for running processes associated with the Proton RAT.