Mac HandBrake Virus: How to check if your Mac is infected

“HandBrake is an open-source video transcoder that’s available on Mac,” Sean Keach writes for Trusted Reviews. “It’s freely available and very popular, as it allows users to convert video to different formats.”

“But that popularity could be about to take a downswing, as the team behind the program are now warning users that they may have accidentally downloaded spyware to their machine,” Keach writes. “If you downloaded the HandBrake for Mac software between May 2 and May 6, you may have downloaded a version of the OSX.PROTON trojan malware onto your system.”

“To check if you’re infected, open the OS X Activity Monitor. If you see a process called ‘activity_agent’ then you’re infected,” Keach writes. “Fortunately, if your machine has been infected, it’s very easy to remove the Proton trojan.”

How to remove the Proton trojan here.

MacDailyNews Take: As Keeach reminds, Apple has already pushed out a new signature that should prevent new infections.

Handbrake warns Mac users after mirror download server hack – May 7, 2017


  1. … I’ll skip my usual lecture about malware and the various kinds.

    Instead,It’s Schadenfreude Time!

    Let’s enjoy what’s going on in Android Security this week:

    Android O-mg. Google won’t kill screen hijack nasties on Android 6, 7 until the summer
    Try not to download anything nasty from the Play Store

    Nearly 40 per cent of Android users are vulnerable to a security design flaw that Google won’t fix until the next major revision of the mobile operating system….

    So what did Google do? In Android 6.0.1 it removed the requirement for explicit user permission to use SYSTEM_ALERT_WINDOW. Now apps downloaded from the Google Play store can use it as they wish without the user’s explicit blessing – which means the software can force ads onto the screen, potentially phish victims, hijack taps on the UI, takeover the screen until a ransom is paid, and so on.

    *Basking in Apple Walled Garden of Security*

  2. And again>/i> It’s Schadenfreude Time!

    This time, let’s laugh and laugh at Windows victims:

    It’s 2017 and Windows PCs are being owned by EPS files, webpages
    Get patching ASAP as exploits are being used in the wild – and fix Adobe stuff, too

    The May edition of Patch Tuesday addresses blunders in Internet Explorer, Edge, Windows, Office, and the .NET Framework. In total, 55 bugs have been squashed, including 17 that have been rated as critical security risks.

    Of the three bad bugs being actively exploited in the wild, two can be used to achieve remote code execution: CVE-2017-0222 in Internet Explorer 10 and 11, and CVE-2017-0261 in Microsoft Office 2010, 2013 and 2016. The third is an elevation of privilege bug, CVE-2017-0263, in all supported versions of Windows….

      1. Problem is no matter how much I tell my Android owning friends about the flaws in their phones they still hate Iphone because “Apple won’t let you install anything you like on iPhone”.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.