If you downloaded HandBrake (the popular video-encoding Mac app) last week between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC], your Mac may be seriously compromised.
The distributors of the media transcoding program HandBrake have published a statement warning users that some downloads of the installer for the Mac version of the app may contain Trojan malware, and that they need to verify the SHA1 / SHA256 sum of the file before running it.
The hackers replaced the official installer file “HandBrake-1.0.7.dmg” with a modified version that contained the Trojan virus, so users should verify the downloaded file on their systems.
You can open the Mac’s Activity Monitor application and check whether a process called “Activity_agent” is running. If so, your Mac is infected.
If you still have the downloaded installer file on your system, you can also check whether it has either of the following checksums; a match means that the file has been modified by the hackers.
SHA1: 0935a43ca90c6c419a49e4f8f1d75e68cd70b274
SHA256: 013623e5e50449bbdf6943549d8224a122aa6c42bd3300a1bd2b743b01ae6793
You can remove the malware by opening the Terminal and typing the following commands:
launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
rm -rf ~/Library/RenderFiles/activity_agent.app
If ~/Library/VideoFrameworks/ contains proton.zip, remove the folder.
Then open your Applications folder and delete any installations of Handbrake.app there.
It’s also recommended that you change all passwords.