Mac owners who have recently downloaded Elmedia Player or Folx from Eltima Software may have unwittingly installed malware on their machines, reports ZDNet.
Downloads of Folx and Elmedia player were infected with Proton, a Remote Access Trojan, after Eltima's servers were hacked. The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more.
- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/
Apple and Eltima have disabled the developer ID that was used to sign the Proton-infected software bundle, and Eltima is working with Apple to figure out what happened.
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it. Eltima says it has taken action to prevent against further attacks and improve its server security. Clean versions of Elmedia Player and Folx are now available from the Eltima website.
Downloads of Folx and Elmedia player were infected with Proton, a Remote Access Trojan, after Eltima's servers were hacked. The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more.
In an email to ZDNet, an Eltima spokesperson said that the malware was distributed with downloads as a result of their servers being "hacked" after attackers "used a security breach in the tiny_mce JavaScript library on our server."The compromised software was discovered on October 19, and customers who downloaded software from Eltima on that date before 3:15 p.m. Eastern Time may be affected by the malware. The following files will be found on an infected system:
- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/
Apple and Eltima have disabled the developer ID that was used to sign the Proton-infected software bundle, and Eltima is working with Apple to figure out what happened.
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it. Eltima says it has taken action to prevent against further attacks and improve its server security. Clean versions of Elmedia Player and Folx are now available from the Eltima website.
52 comments
It's officially iPhone launch day, which means iPhone XS and iPhone XS Max models are in Apple retail stores and have been delivered to customers all around the world. The first pre-orders began...
We're hearing from a number of readers over the past hour or so that Apple's retail stores are having problems completing in-store reservation pickups for the new iPhone and Apple Watch...
Apple today began shipping the iPhone XS, iPhone XS Max, and Apple Watch Series 4 out to customers today, and customers have been eagerly awaiting their shipments today to get their hands on...
As it did for the iPhone X last year, Apple today shared a Guided Tour of the iPhone XS, iPhone XS Max, and iPhone XR on its YouTube channel, walking through some of the biggest features on the trio...
Apple has shared a new Apple Watch Series 4 ad on its YouTube channel, promoting its fitness-related features.
The 30-second video, titled "Better You," shows a person and several of...
Apple has emailed some customers who had an iPhone XS or iPhone XS Max scheduled for in-store pickup at an Apple Store today. The email says their orders "will not be ready for pickup" during...
As customers around the world begin getting their hands on the brand new iPhone XS, XS Max, and Apple Watch Series 4, Apple and CEO Tim Cook today shared images from the September 21 launch.
...
The repair experts at iFixit have shared teardowns of the iPhone XS and iPhone XS Max, providing a look inside the latest models.
iPhone XS on left and iPhone XS Max on right via iFixit
While...
