In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac.
In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.
Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.
While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.
Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.
Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.
In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.
Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.
While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.
- There's no indication any customer information was obtained by the attacker.According to Panic, the source code for the apps could potentially be used by hackers to create malware-infected builds of the company's apps, so users should be vigilant and download Panic apps only from the company's website or the Mac App Store.
- Furthermore, there's no indication Panic Sync data was accessed.
- Finally, our web server was not compromised.
(As a reminder, we never store credit card numbers since we process them with Stripe, and all Panic Sync data is encrypted in such a way that even we can't see it.)
Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.
Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.
94 comments
Apple TV+ series "The Morning Show" has been nominated for three Screen Actors Guild Awards for outstanding male actor and outstanding female actor.
Steve Carell and Billy Crudup, who...
Apple is rumored to launch four 5G-enabled iPhones in fall 2020, and while 5G-related components could raise the production costs of the devices by $30 to $100 depending on the model, analyst...
Apple appears to be working on new "Powerbeats4" wireless earphones to replace the existing Powerbeats3, based on strings in iOS 13.3 code uncovered by MacRumors contributor Steve Moser.
...
Early reports from 16-inch MacBook Pro owners who have installed the macOS Catalina 10.15.2 update suggest that the new software fixes some of the speaker popping issues that were plaguing these...
With the new 2019 Mac Pro now available for purchase, Apple has begun sharing support documents and tutorial videos covering the new high-end machine that's designed for professional users.
...
Apple's new Pro Display XDR comes with an optional nano-texture glass, which is etched at the nanometer level to cut down on reflectivity and glare for a matte look.
The nano-texture glass...
There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and...
Ahead of the release of the Mac Pro and Pro Display XDR, Apple gave several of the machines to prominent tech YouTubers to test out, and their first impressions, overviews, and unboxings of the Mac...
