When Your Media Player Watches You – Trojan Infects Software Downloads for Macs
Users downloading a media player to watch videos on their Macs ended up being watched by cybercriminals using Trojan malware to spy on victims’ operating systems.
Unfortunately, that’s the case for the popular Mac OSX media player, Elmedia Player. A trojanized version of the program has hit the scene as a result of the developer’s servers being hacked by cybercriminals.
It all started when a Remote Access Trojan (RAT), named Proton, snuck into the developer’s servers via a breach in their JavaScript library. From there, the threat was able to live on the developer’s official site for a period of time. Seemingly completely legitimate, the trojanized player was ready for download, which translates to: ready to infect any innocent user who might stumble across it.
The compromised package was created in order to deliver the latest version of the Proton backdoor on a broad scale. Proton is a Trojan that poses as a legitimate program or file, such as Elmedia Player, in order to trick and entice users into unknowingly running it. Upon being launched, the Proton backdoor provides attackers with an almost full view of the compromised system, allowing the theft of browser information, keylogs, usernames and passwords, cryptocurrency wallets, macOS keychain data and more.
Users have been warned that if they downloaded the software prior to the October 19th disclosure (after which Eltima Software removed the program from the site), they run the risk of having their system infected by the malware. And since Elmedia boasts over one million users, it’s crucial we all start looking towards next steps.
Users can start by seeing if any of the following files or directories are on their system, which would mean the trojanized version of Elmedia Player has been installed:
- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/
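The check described above can be scripted. The following is an added example, not code from McAfee or Eltima; the function name `proton_ioc_scan` and its optional root argument (for inspecting a mounted backup or disk image instead of the live system) are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the four Proton/Elmedia paths listed in the article.
# proton_ioc_scan and its ROOT argument are names chosen for this example.

# Indicator paths exactly as listed in the article, one per line.
PROTON_IOCS='/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/'

# Usage: proton_ioc_scan [ROOT]
# ROOT defaults to "/"; pass a mount point to check a backup or disk image.
# Prints one line per indicator found; return status is the number found.
proton_ioc_scan() {
    root=${1:-/}
    root=${root%/}     # "/" becomes "", "/Volumes/img/" becomes "/Volumes/img"
    found=0
    # Read the list line by line so paths are never word-split or globbed.
    while IFS= read -r ioc; do
        [ -n "$ioc" ] || continue
        path=$root${ioc%/}
        if [ -d "$path" ]; then
            kind=directory
        elif [ -e "$path" ] || [ -L "$path" ]; then
            kind=file  # -L also catches a dangling symlink left at the path
        else
            continue
        fi
        printf 'FOUND %s: %s\n' "$kind" "$path"
        found=$((found + 1))
    done <<EOF
$PROTON_IOCS
EOF
    return "$found"
}

# Scan only when a root is given on the command line, e.g.  sh scan.sh /
if [ "$#" -gt 0 ]; then
    proton_ioc_scan "$1" && echo "No listed Proton paths found under $1"
fi
```

A non-zero status means at least one of the listed paths exists under the given root.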
If a user is in fact infected, the next step would be to undergo a full OS re-installation. And for Elmedia Player users who wish to run the program safely once more, fear not. Users are now able to download a clean version of Elmedia Player from the Eltima website, which is said to be now free of compromise.
To learn more about this Trojan, and others like it, be sure to follow @McAfee and @McAfee_Business.
The post When Your Media Player Watches You – Trojan Infects Software Downloads for Macs appeared first on McAfee Blogs.