The news broke a few hours ago. Downloads of the popular HandBrake video converter made from day 2 to day 6 could be infected by the OSX.PROTON Trojan. The news seems to be confirmed, since the same developer transfers it to its users through the forum from the program page. In recent times we are observing how our MacOs are no longer 100% infallible. Even so, it is tremendously safer than other operating systems, as we know of some type of Trojan every 3 to 4 months. However, this week, we have known the appearance of a new OSX.BELLA Trojan we hope to have no new surprises in the coming days.
As we said, the news appears in the Forum of the program page, and the user who publishes it is HandBrake. It is difficult for the identity of a user to be impersonated, and more so if it is the same moderator, therefore we are going to give it credibility. The post comes at 8.10 am on the 6th, in which it is announced that downloads made between May 2, 2017 at 14:30 UTC and May 6, 2017 at 11:00 UTC, you have a 50% chance of being infected by the OSX.PROTON Trojan.
In the post they ask us to verify our downloaded version and tell us how to do it. The first, open your Mac activity monitor. If you don't know how to do it, go to Spotlight (Cmd + escape) and write activity monitor. Go to the CPU tab and then to Memory. If the process appears in either of the two tabs activity_agent, your Mac is probably infected.
In such case, delete it. To do this, open terminal, according to your usual way, or in the commented way to open activity monitor. Now enter the following commands one by one:
launchctl unload ~ / Library / LaunchAgents / fr.handbrake.activity_agent.plist
rm -rf ~ / Library / RenderFiles / activity_agent.app
if ~ / Library / VideoFrameworks / contains proton.zip, remove the folder
Finally, search and uninstall all versions of "HandBrake.app".
Now you have eliminated the Trojan, but you do not know the damage it could have caused you. Therefore, change all the passwords you have at your disposal on the macOS keychain.