Eltima Website Has Been Hacked!

  • 73
  •  
  •  
  • 1
  •  
  •  
  •  
    74
    Shares

ESET security researchers found that the website of Eltima, the makers of the Elmedia Player software, has been hacked and spreading a version of their application trojanized with the OSX/Proton malware on their official website. The malware research company (ESET) informed Eltima as soon as the situation was confirmed.

Elmedia Player is a very popular media player that reached the 1 million users milestone this summer.

According to Eltima:
“On the 19th of October 2017 we were informed by a malware research company ESET that our servers have been hacked and our apps namely Folx and Elmedia Player DMG files are distributed with a malware.”

An attacker can use Proton which is a very powerful malware to collect different data from infected hosts, such as operating system details, browser passwords, cookies, history, data on cryptocurrency wallets, SSH private keys, macOS keychain data, VPN configs, GnuPG data, 1Password data, and much more.

ESET security researchers advise users who downloaded Elmedia Player or Folx software lately to check if their system is compromised by testing the existence of any of the following file or directory:
– /tmp/Updater.app/
– /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
– /Library/.rand/
– /Library/.rand/updateragent.app/

If any of them exists, that means the trojanized Elmedia Player or Folx app was executed and that OSX/Proton is most likely running.

“If you have downloaded that software on October 19th before 3:15pm EDT and run it, you are likely compromised.”

The following two tabs change content below.
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
Avatar

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!