Source Code for Several Panic Apps Stolen via HandBrake Malware Attack - MacRumors
Skip to Content

Source Code for Several Panic Apps Stolen via HandBrake Malware Attack

by

In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac.

In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.

panicapps
Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.

While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.

- There's no indication any customer information was obtained by the attacker.
- Furthermore, there's no indication Panic Sync data was accessed.
- Finally, our web server was not compromised.

(As a reminder, we never store credit card numbers since we process them with Stripe, and all Panic Sync data is encrypted in such a way that even we can't see it.)

According to Panic, the source code for the apps could potentially be used by hackers to create malware-infected builds of the company's apps, so users should be vigilant and download Panic apps only from the company's website or the Mac App Store.

Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.

Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.

Tags: Handbrake, Malware, Panic

Top Rated Comments

mw360 Avatar
mw360
118 months ago
Probably an idea to just give it away now. If it's free from their site it won't be downloaded elsewhere.
Any excuse for some freebies...
Score: 16 Votes (Like | Disagree)
canadianreader Avatar
canadianreader
118 months ago
I really like Panic apps I bought both Coda and Transmit my only regret is when they pulled out Coda from the AppStore and made it only available thru their website. Maybe be it's time to put it back on the app store
Anyway they don't deserve this and they have my empathy and compassion for what they're going thru.
Score: 11 Votes (Like | Disagree)
roland.g Avatar
roland.g
118 months ago
Not that I wish anything bad on anyone but am I the only one wondering why he was downloading a utility like Handbrake onto a machine with the company source code. Seems like that was not the wisest move.
Score: 9 Votes (Like | Disagree)
M
MichaelQ
118 months ago
If apps like Handbrake were allowed in the App Store this wouldn't have been a problem in the first place.
Score: 7 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
118 months ago
There are many great applications out there that cannot be added to the app store due to Apple restrictions.

In many cases it would not be possible to modify these applications accordingly.
Yeah, that's the biggest problem, and it's why the Mac App Store hasn't caught on more than it has. Apple requires all MAS apps to enable sandboxing, which greatly limits what a Mac application can do, among other issues.

Apple never should have applied the same policy to Mac App Store apps as they did to the iOS App Store. Macs are full-fledged general purpose computers with a different usage scenario than iOS devices; treating them both the same for app policy is short-sighted.

I remember when there were a far greater variety of apps in the Mac App Store, then Apple tightened the policies and a bunch of app developers jumped ship, distributing directly instead. It's a shame because the store was a good idea, just poorly executed.
Score: 6 Votes (Like | Disagree)
noah82 Avatar
noah82
118 months ago
Yikes. Maybe it's time to.......Panic!!
Score: 6 Votes (Like | Disagree)
Read All Comments

Popular Stories

Four iPhone 18 Pro Colors Mock Feature

iPhone 18 Pro Launching Later This Year With These 10 New Features

Tuesday May 26, 2026 6:32 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not launching until September, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component will be moved under the...
Read Full Article52 comments
Apple Watch Blood Glucose Monitoring Feature 2

Apple Watch for Diabetes: The Latest on Apple's Plans for Non-Invasive Blood Sugar Monitoring

Tuesday May 26, 2026 9:30 am PDT by
For many years now, it has been rumored that the Apple Watch will eventually gain non-invasive blood sugar monitoring capabilities, which would enable millions of people with diabetes to track their blood glucose levels without needing to prick their skin with a needle or wear a dedicated continuous glucose monitor. According to Bloomberg's Mark Gurman, Apple recently shifted oversight of...
Read Full Article75 comments
apple wallet drivers license feature iPhone 15 pro

Apple Just Expanded iPhone Driver's License Feature to Arkansas

Wednesday May 27, 2026 9:41 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. Starting today, the feature is available in Arkansas, which is the 14th state to offer it. However, it may take some time to roll out to all users. To...
Read Full Article47 comments