Mac owners who have recently downloaded Elmedia Player or Folx from Eltima Software may have unwittingly installed malware on their machines, reports ZDNet.

Downloads of Folx and Elmedia player were infected with Proton, a Remote Access Trojan, after Eltima's servers were hacked. The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more.

elmediaplayer

In an email to ZDNet, an Eltima spokesperson said that the malware was distributed with downloads as a result of their servers being "hacked" after attackers "used a security breach in the tiny_mce JavaScript library on our server."

The compromised software was discovered on October 19, and customers who downloaded software from Eltima on that date before 3:15 p.m. Eastern Time may be affected by the malware. The following files will be found on an infected system:

- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/

Apple and Eltima have disabled the developer ID that was used to sign the Proton-infected software bundle, and Eltima is working with Apple to figure out what happened.

Anyone who was impacted by the malware will need to reinstall macOS to get rid of it. Eltima says it has taken action to prevent against further attacks and improve its server security. Clean versions of Elmedia Player and Folx are now available from the Eltima website.

Top Rated Comments

Makosuke Avatar
Makosuke
107 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Score: 7 Votes (Like | Disagree)
Scooz Avatar
Scooz
107 months ago
Since I already suspected Eltima of being some agency outlet, since their software portfolio seems too good and diverse to be true and with deep roots into the system and network level while regularly lacking the last bit of polish, I am not surprised. :cool:

So I guess they are just checking out Apple‘s internal procedures for further infiltration now. :eek:

Of course, if they‘re not the dark hats themselves, they are a perfect target due the same reasons...

But then their strange office address...

Ah, have to hide...

</tinfoil>
Score: 6 Votes (Like | Disagree)
Wackery Avatar
Wackery
107 months ago
Clean versions of Elmedia Player and Folx are now available from the Eltima website.
optimistic thinking. No one’s downloading this anymore even if it’s fixed.
Score: 5 Votes (Like | Disagree)
MH01 Avatar
MH01
107 months ago
I had Transmission, their servers got infected.
I had Handbrake, their servers got infected.
I was trying out Elmedia Player, their servers got infected.

.. This is why I only use AppStore apps now. Apple's vetting may not be 100% accurate, but at least they have a vetting process.

Luckily my needs are not very complicated, so I can usually find alternatives on the AppStore.
Please tell us what other software you use :p
Score: 5 Votes (Like | Disagree)
msandersen Avatar
msandersen
107 months ago
A timely reminder for me to do a complete system backup with Carbon Copy Cloner, which I was gonna do anyway before upgrading my system. Of course, if I had been infected, it would have been too late, if the only remedy is to reinstall. Drastic measure. At least, once done, you have a clean bootable system to revert to.
[doublepost=1508539800][/doublepost]
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Presumably since this is a Trojan backdoor, not only can they control your system remotely, stealing your passwords, files etc, but they can install anything anywhere they want, and you have no way of knowing what, hence a clean install is the only way to be sure.
Score: 3 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
107 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
No kidding. I think that's a bit extreme, too. Likely just removing the files and restarting is enough, unless the infection is deeper.
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article162 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article89 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
iOS 26

iOS 26.3 Brings AirPods-Like Pairing to Third-Party Devices in EU Under DMA

Monday December 22, 2025 3:20 pm PST by
The European Commission today praised the interoperability changes that Apple is introducing in iOS 26.3, once again crediting the Digital Markets Act (DMA) with bringing "new opportunities" to European users and developers. The Digital Markets Act requires Apple to provide third-party accessories with the same capabilities and access to device features that Apple's own products get. In iOS...
Read Full Article91 comments
top stories 2025 12 20

Top Stories: iOS 26.3 Beta, Major Apple Leaks, and More

Saturday December 20, 2025 6:00 am PST by
You'd think things would be slowing down heading into the holidays, but this week saw a whirlwind of Apple leaks and rumors while Apple started its next cycle of betas following last week's release of iOS 26.2 and related updates. This week also saw the release of a new Apple Music integration with ChatGPT, so read on below for all the details on this week's biggest stories! Top Stories i...
Read Full Article19 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Features Leaked in New Report, Including Under-Screen Face ID

Tuesday December 16, 2025 8:44 am PST by
Next year's iPhone 18 Pro and iPhone 18 Pro Max will be equipped with under-screen Face ID, and the front camera will be moved to the top-left corner of the screen, according to a new report from The Information's Wayne Ma and Qianer Liu. As a result of these changes, the report said the iPhone 18 Pro models will not have a pill-shaped Dynamic Island cutout at the top of the screen....
Read Full Article63 comments
Apple Wallet ID Illinois

Apple Plans to Expand iPhone Driver's Licenses to These 7 U.S. States

Wednesday December 24, 2025 8:40 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps. The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future. To set up the...
Read Full Article16 comments
iPhone Fold Vertical Feature

Why Apple's Foldable iPhone May Be Smaller Than Expected

Tuesday December 23, 2025 5:21 am PST by
Apple's first foldable iPhone, rumored for release next year, may turn out to be smaller than most people imagine, if a recent report is anything to go by. According to The Information, the outer display on the book-style device will measure just 5.3 inches – that's smaller than the 5.4-inch screen on the ‌iPhone‌ mini, a line Apple discontinued in 2022 due to poor sales. The report has led ...
Read Full Article186 comments
iPhone Chips

Apple Clings to Samsung as RAM Prices Soar

Monday December 22, 2025 6:17 am PST by
Apple is significantly increasing its reliance on Samsung for iPhone memory as component prices surge, according to The Korea Economic Daily. Apple is said to be expanding the share of iPhone memory it sources from Samsung due to rapidly rising memory prices. The shift is expected to result in Samsung supplying roughly 60% to 70% of the low-power DRAM used in the iPhone 17, compared with a...
Read Full Article70 comments