Source Code for Several Panic Apps Stolen via HandBrake Malware Attack

by

In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac.

In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.


Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.

While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.

- There's no indication any customer information was obtained by the attacker.
- Furthermore, there's no indication Panic Sync data was accessed.
- Finally, our web server was not compromised.

(As a reminder, we never store credit card numbers since we process them with Stripe, and all Panic Sync data is encrypted in such a way that even we can't see it.)

According to Panic, the source code for the apps could potentially be used by hackers to create malware-infected builds of the company's apps, so users should be vigilant and download Panic apps only from the company's website or the Mac App Store.

Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.

Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.

Top Rated Comments

(View all)
Avatar
44 months ago

Probably an idea to just give it away now. If it's free from their site it won't be downloaded elsewhere.

Any excuse for some freebies...
Score: 16 Votes (Like | Disagree)
Avatar
44 months ago
I really like Panic apps I bought both Coda and Transmit my only regret is when they pulled out Coda from the AppStore and made it only available thru their website. Maybe be it's time to put it back on the app store
Anyway they don't deserve this and they have my empathy and compassion for what they're going thru.
Score: 11 Votes (Like | Disagree)
Avatar
44 months ago
Not that I wish anything bad on anyone but am I the only one wondering why he was downloading a utility like Handbrake onto a machine with the company source code. Seems like that was not the wisest move.
Score: 9 Votes (Like | Disagree)
Avatar
44 months ago
If apps like Handbrake were allowed in the App Store this wouldn't have been a problem in the first place.
Score: 7 Votes (Like | Disagree)
Avatar
44 months ago
Yikes. Maybe it's time to.......Panic!!
Score: 6 Votes (Like | Disagree)
Avatar
44 months ago

There are many great applications out there that cannot be added to the app store due to Apple restrictions.

In many cases it would not be possible to modify these applications accordingly.

Yeah, that's the biggest problem, and it's why the Mac App Store hasn't caught on more than it has. Apple requires all MAS apps to enable sandboxing, which greatly limits what a Mac application can do, among other issues.

Apple never should have applied the same policy to Mac App Store apps as they did to the iOS App Store. Macs are full-fledged general purpose computers with a different usage scenario than iOS devices; treating them both the same for app policy is short-sighted.

I remember when there were a far greater variety of apps in the Mac App Store, then Apple tightened the policies and a bunch of app developers jumped ship, distributing directly instead. It's a shame because the store was a good idea, just poorly executed.
Score: 6 Votes (Like | Disagree)

Top Stories

Leaker: 'iPhone 12 mini' and iPhone 12 Storage Capacities Start at 64GB, Pro Models at 128GB

Tuesday September 29, 2020 2:31 am PDT by
Rumors suggest Apple's iPhone 12 launch event will be held on October 13, with the more affordable 5.4 and 6.1-inch devices set to ship out ahead of the more expensive 6.1-inch and 6.7-inch Pro devices, and this morning hit-and-miss leaker Jon Prosser has further committed to that date by providing alleged details on Apple's first shipment of finalized iPhone 12 units. Prosser claims the...

Hands-On With iOS 14.2's New Shazam Music Recognition Toggle in Control Center

Monday September 28, 2020 2:35 pm PDT by
Shortly after launching iOS 14, Apple introduced an upcoming iOS 14.2 update, which is now available to developers and public beta testers ahead of a public release that could come at some point in October. Subscribe to the MacRumors YouTube channel for more videos. The iOS 14.2 update mainly focuses on the Control Center, introducing a new Music Recognition toggle that deepens the Shazam...

Top Stories: iOS 14 Feature Tour, 'iPhone 12 mini' Rumors, Apple Watch Band Controversy

Saturday September 26, 2020 6:00 am PDT by
Things started to calm down a bit this week following last week's rush of media event, Apple Watch and iPad launches, and the release of iOS 14 and other operating updates. But that doesn't mean there wasn't still a lot of news, from digging deeper into iOS 14 to more iPhone 12 rumors to the uproar over trying to exchange band sizes on the new Apple Watch. On top of all of that, we heard...

DigiTimes: 12.9-inch Mini-LED iPad Pro Arriving Early 2021, Mini-LED MacBook Coming Later

Tuesday September 29, 2020 4:18 am PDT by
Apple will launch a 12.9-inch mini LED-backlit iPad Pro in early 2021 and a mini LED-backlit MacBook in the second-half of next year, according to DigiTimes. The Taiwan-based industry publication claims Epistar will supply the over-10,000 mini LEDs used in each iPad Pro tablet. Meanwhile, Apple is expected to recruit Osram Opto as another supplier of mini LEDs for use in a new "high-end"...

iPhone 12 May Launch Earlier Than Usual in South Korea

Monday September 28, 2020 5:24 am PDT by
The upcoming iPhone 12 lineup may launch earlier than usual in South Korea, reports The Korea Herald. South Korean telecoms firms speaking to The Korea Herald have said that the iPhone 12 lineup will launch ahead of its usual schedule. Normally, the release of new iPhones in South Korea comes about one month after launch in the United States. Last year, the iPhone 11 arrived in South Korea ...

iOS 14: 'Phoenix 2' Space Shooter Delivers Playable Demo via App Clips

Saturday September 26, 2020 2:08 pm PDT by
One of the new features that arrived in iOS 14 is called App Clips. App Clips is described by Apple to be a "small part of your app" that can be available to users at just the right moment.App Clips focus on finishing one task quickly. An ideal App Clip experience allows users to open and complete a task in seconds. Instead of requiring an App Store download, they can be loaded and run via...

Epic Games Unlikely to Win Injunction in Ongoing Fortnite Battle With Apple, Jury Trial Possible

Monday September 28, 2020 1:14 pm PDT by
The ongoing legal dispute between Apple and Epic Games continued on today, with a preliminary injunction hearing taking place this morning. We're still waiting to hear the judge's official ruling, but it looks like Epic is not going to be granted an injunction to allow Fortnite back into the App Store as the case unfolds. Many of the arguments that lawyers for Apple and Epic Games made were...

iPhone 12 Production Lines at Foxconn's Zhengzhou Factory in China Running '24 Hours a Day'

Tuesday September 29, 2020 3:38 am PDT by
Apple contract manufacturer Foxconn is running its massive Zhengzhou factory in China 24 hours a day to produce the new iPhone 12, according to Chinese media reports. Apple's main iPhone manufacturer in China is said to be cancelling workers' holidays and introducing mandatory overtime with additional bonuses for longer-serving staff, according to information garnered from employees,...

'iPhone 12 mini' Name Reappears in Leaked Apple iPhone 12 Case Stickers

Friday September 25, 2020 1:58 am PDT by
Earlier this week a proven leaker claimed that the iPhone 12 lineup would be named "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max," and today the same nomenclature has appeared again in a photo depicting alleged stickers from unreleased Silicone iPhone cases originating from Apple's international distribution center in Ireland. The photo shows three stickers with the...

Apple Releases iOS 14.0.1 With Fix for Bug That Resets Default Apps After Rebooting

Thursday September 24, 2020 10:12 am PDT by
Apple today released iOS 14.0.1, the first update to the iOS 14 operating system that was released on September 16. Today's update is a bug fix update addressing issues that weren't able to be fixed in the initial iOS 14 launch. The iOS 14.0.1 update is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software Update. ...