In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac.
In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.
Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.
While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.
Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.
Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.
In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.
Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.
While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.
- There's no indication any customer information was obtained by the attacker.According to Panic, the source code for the apps could potentially be used by hackers to create malware-infected builds of the company's apps, so users should be vigilant and download Panic apps only from the company's website or the Mac App Store.
- Furthermore, there's no indication Panic Sync data was accessed.
- Finally, our web server was not compromised.
(As a reminder, we never store credit card numbers since we process them with Stripe, and all Panic Sync data is encrypted in such a way that even we can't see it.)
Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.
Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.
94 comments
After posting a brief teaser last week, Apple today shared the first official trailer for "The Morning Show" starring Reese Witherspoon, Jennifer Aniston, and Steve Carell.
The trailer...
Apple today revealed job creation figures in South Korea for the first time since entering the country two decades ago, as noted by The Korea Herald.
In a new page on its website, Apple says...
Apple CEO Tim Cook and U.S. President Donald Trump met for dinner on Friday evening, and Trump has since told reporters that the two discussed the impact of U.S. tariffs on Apple products imported...
Apple Arcade, Apple's upcoming subscription-based gaming service, was first introduced in March and is set to launch this fall.
Ahead of the upcoming launch, Apple has debuted an early...
New leaked assets from the watchOS 6 beta suggest Apple plans to launch new ceramic and titanium Apple Watch models as early as next month.
Discovered by iHelpBR, the assets belong to the...
Apple in iOS 13 made changes to the way location tracking permissions work, and there's no longer an option for apps to ask to "Always Allow" location tracking.
Instead, Apple allows...
Along with many new features for the iPhone and the iPad, iOS 13 brings updates to CarPlay, overhauling the interface for the first time in years and adding useful new functionality.
In our...
Japan Display will supply OLED displays for new Apple Watch Series 5 models slated to launch in the second half of 2019, according to the latest prediction from well-known analyst Ming-Chi Kuo.
...
