
The attackers don't appear to have compromised the company's development infrastructure, as happened recently with the developer of a Windows application called CCleaner. Instead, the hackers just managed to hack into Eltima's website through a vulnerability in a JavaScript-based library called TinyMCE.

The malicious installers were not digitally signed with Eltima's Apple developer certificate, but with a different developer ID under the name Clifton Grimm. It's not clear if this certificate was obtained from Apple by using a fake identity or if it was stolen from another developer.

Gatekeeper, Apple's first line of defense against malware, allows signed binaries to execute without warning by default, Patrick Wardle, director of research at Synack and a macOS security expert, told me in a Twitter direct message. Because of this, most Mac malware is now signed with stolen or fraudulently obtained Apple developer IDs, with the latter being much more likely, he said. "It appears Apple has a problem with ensuring only legitimate developer IDs are given out," Wardle said.

Apple revoked the misused Clifton Grimm certificate after being alerted by ESET and Eltima, but users who downloaded and executed the rogue Elmedia Player and Folx installers before this happened didn't get a Gatekeeper warning.

There is some evidence that this new attack might have been perpetrated by the same attackers who compromised a legitimate download server for the HandBrake video converter application in May and distributed a malicious version of that program to macOS users. In both cases, the trojanized installers infected computers with Proton and in both cases the malware's command-and-control servers used domain names similar to those of the compromised software. The difference is that the rogue HandBrake installer was not digitally signed, meaning that users would have had to override Gatekeeper manually in order to install it.

On Friday morning, Eltima announced that both apps are now "safe to install and malware-free."

"Users who downloaded and executed the software on October 19 before 3:15 PM EDT, are likely compromised," the ESET researchers said. The malicious installers were available on Eltima's website for around 24 hours and were downloaded by almost 1,000 users.

The security breach happened Thursday and was discovered relatively quickly by ESET, which reported the incident to the software developer.
Eltima told me in an email that hackers also managed to trojanize one of the company's other applications, an internet download manager called Folx that also acts as a BitTorrent client.

The Proton malware is capable of stealing a lot of data from infected computers, including history, cookies, bookmarks, and log-in data from browsers; cryptocurrency wallets; SSH authentication keys; macOS keychain data; Tunnelblick VPN configuration data; PGP encryption keys; and data stored in 1Password, a password management application.

Elmedia Player has 1 million users as of August, according to Eltima. The company provides free and paid versions of its software programs and distributes them through its website and through the Mac App Store.

Only the installers for Elmedia Player and Folx downloaded by users from the company's website contained the Proton trojan, an Eltima spokeswoman told me. "The built-in automatic update mechanism seems to be unaffected."
