“Security researchers on welivesecurity published the discovery of yet another compromised download server distributing infected software with OSX/Proton malware. This time, Eltima, the makers of the Elmedia Player software, were targeted. The trojan was found, reported and removed from the servers all on the same day, but it is currently unknown how long it was available or how many users may be affected,” Vrijenhoek writes. “Intego VirusBarrier identifies and eradicates the malware as OSX/Proton.C.”
“Only those who downloaded Elmedia Player from their server (https://mac.eltima.com/elmedia-player-download.html) received the malicious application. It was not distributed on any other websites, as far as we know, and the App Store version was not affected,” Vrijenhoek writes. “If you have downloaded and installed Elmedia Player on or before October 19, before 3:15PM EDT, welivesecurity noted that you are likely compromised.”
How to tell if your Mac is infected (and removal instructions) here.
MacDailyNews Note: As Vrijenhoek notes, “If a website doesn’t list checksums for their files, contact the developer and request those checksums before downloading a file. Without it, there really is no way to know if you’ve downloaded the file you came for or if the file was modified to be malicious.”