Mac owners who have recently downloaded Elmedia Player or Folx from Eltima Software may have unwittingly installed malware on their machines, reports ZDNet.

Downloads of Folx and Elmedia player were infected with Proton, a Remote Access Trojan, after Eltima's servers were hacked. The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more.

elmediaplayer

In an email to ZDNet, an Eltima spokesperson said that the malware was distributed with downloads as a result of their servers being "hacked" after attackers "used a security breach in the tiny_mce JavaScript library on our server."

The compromised software was discovered on October 19, and customers who downloaded software from Eltima on that date before 3:15 p.m. Eastern Time may be affected by the malware. The following files will be found on an infected system:

- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/

Apple and Eltima have disabled the developer ID that was used to sign the Proton-infected software bundle, and Eltima is working with Apple to figure out what happened.

Anyone who was impacted by the malware will need to reinstall macOS to get rid of it. Eltima says it has taken action to prevent against further attacks and improve its server security. Clean versions of Elmedia Player and Folx are now available from the Eltima website.

Top Rated Comments

Makosuke Avatar
Makosuke
105 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Score: 7 Votes (Like | Disagree)
Scooz Avatar
Scooz
105 months ago
Since I already suspected Eltima of being some agency outlet, since their software portfolio seems too good and diverse to be true and with deep roots into the system and network level while regularly lacking the last bit of polish, I am not surprised. :cool:

So I guess they are just checking out Apple‘s internal procedures for further infiltration now. :eek:

Of course, if they‘re not the dark hats themselves, they are a perfect target due the same reasons...

But then their strange office address...

Ah, have to hide...

</tinfoil>
Score: 6 Votes (Like | Disagree)
Wackery Avatar
Wackery
105 months ago
Clean versions of Elmedia Player and Folx are now available from the Eltima website.
optimistic thinking. No one’s downloading this anymore even if it’s fixed.
Score: 5 Votes (Like | Disagree)
MH01 Avatar
MH01
105 months ago
I had Transmission, their servers got infected.
I had Handbrake, their servers got infected.
I was trying out Elmedia Player, their servers got infected.

.. This is why I only use AppStore apps now. Apple's vetting may not be 100% accurate, but at least they have a vetting process.

Luckily my needs are not very complicated, so I can usually find alternatives on the AppStore.
Please tell us what other software you use :p
Score: 5 Votes (Like | Disagree)
msandersen Avatar
msandersen
105 months ago
A timely reminder for me to do a complete system backup with Carbon Copy Cloner, which I was gonna do anyway before upgrading my system. Of course, if I had been infected, it would have been too late, if the only remedy is to reinstall. Drastic measure. At least, once done, you have a clean bootable system to revert to.
[doublepost=1508539800][/doublepost]
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Presumably since this is a Trojan backdoor, not only can they control your system remotely, stealing your passwords, files etc, but they can install anything anywhere they want, and you have no way of knowing what, hence a clean install is the only way to be sure.
Score: 3 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
105 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
No kidding. I think that's a bit extreme, too. Likely just removing the files and restarting is enough, unless the infection is deeper.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

Apple Logo Spotlight

Report: Apple to Launch These New Products in 2026

Sunday November 2, 2025 5:34 am PST by
Apple is planning to launch at least 15 new products in 2026, according to Bloomberg's Mark Gurman. Gurman outlined what to expect from Apple in 2026 in the latest edition of his "Power On" newsletter. He said the company is heading "into one of its most pivotal years in recent memory," with the rollout of major new Apple Intelligence features, intense regulatory pressure on the App Store,...
Read Full Article54 comments
iOS 26

Apple Releases iOS 26.1 With Liquid Glass Toggle, Slide to Stop Alarm, New Apple Intelligence Languages and More

Monday November 3, 2025 1:11 pm PST by
Apple today released iOS 26.1, the first major update to the iOS 26 operating system that came out in September, iOS 26.1 comes over a month after iOS 26 launched. ‌iOS 26‌.1 is compatible with the ‌iPhone‌ 11 series and later, as well as the second-generation ‌iPhone‌ SE. The new software can be downloaded on eligible iPhones over-the-air by going to Settings > General >...
Read Full Article177 comments
iOS 26

iOS 26.1 Available Now With These 8 New Features

Monday November 3, 2025 5:54 am PST by
Following more than a month of beta testing, Apple released iOS 26.1 on Monday, November 3. The update includes a handful of new features and changes, including the ability to adjust the look of Liquid Glass and more. Below, we outline iOS 26.1's key new features. Liquid Glass Toggle iOS 26.1 lets you choose your preferred look for Liquid Glass. In the Settings app, under Display...
Read Full Article
Finder Siri Feature

Apple's New Siri Will Be Powered By Google Gemini

Wednesday November 5, 2025 11:57 am PST by
The smarter, more capable version of Siri that Apple is developing will be powered by Google Gemini, reports Bloomberg. Apple will pay Google approximately $1 billion per year for a 1.2 trillion parameter artificial intelligence model that was developed by Google. For context, parameters are a measure of how a model understands and responds to queries. More parameters generally means more...
Read Full Article350 comments
Early Black Friday Deals 2

The Best Early Black Friday Apple Deals

Sunday November 2, 2025 10:04 am PST by
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When ...
Read Full Article9 comments
Apple Intelligence General Feature 2

New Version of Siri to 'Lean' on Google Gemini

Sunday November 2, 2025 6:06 am PST by
In his "Power On" newsletter, Bloomberg's Mark Gurman today provided an update on the status of Apple Intelligence and the plans for it in 2026. Apple is still planning to roll out its revamped version of Siri around March of next year. The release should be accompanied by the release of a new smart home display product with speaker-base and wall-mount options. A new Apple TV and HomePod...
Read Full Article216 comments
HomePod mini and Apple TV

New Apple TV and HomePod Mini Likely Launching Soon

Sunday November 2, 2025 5:49 am PST by
A new Apple TV and HomePod mini could launch as soon as this month, Bloomberg's Mark Gurman today suggested. In today's "Power On" newsletter, Gurman said that Apple retail stores are planning an overnight refresh on the evening of November 11, where changes will be made after closing, such as refreshing displays and placing new products for the following day. The timing of the overnight...
Read Full Article132 comments