Eltima Software's Elmedia Player and Folx Infected With Malware - MacRumors

Mac owners who have recently downloaded Elmedia Player or Folx from Eltima Software may have unwittingly installed malware on their machines, reports ZDNet.

Downloads of Folx and Elmedia Player were infected with Proton, a Remote Access Trojan, after Eltima's servers were hacked. The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more.


In an email to ZDNet, an Eltima spokesperson said that the malware was distributed with downloads as a result of their servers being "hacked" after attackers "used a security breach in the tiny_mce JavaScript library on our server."

The compromised software was discovered on October 19, and customers who downloaded software from Eltima on that date before 3:15 p.m. Eastern Time may be affected by the malware. The following files will be found on an infected system:

- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/
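
A check for the four paths listed above, as an added example that is not from the article, ZDNet or Eltima. The function name `check_proton_iocs`, its optional ROOT argument and the `PROTON_HITS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: look for the Proton artifacts named in the article.
# The path list is copied from the article; everything else is illustrative.
PROTON_PATHS='/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/'

# check_proton_iocs [ROOT]
# ROOT defaults to / ; pass a mount point to inspect another volume.
# Prints one line per artifact found, stores the count in PROTON_HITS,
# and returns 0 when nothing was found, 1 otherwise.
check_proton_iocs() {
    root=${1:-/}
    root=${root%/}              # "/" becomes "", "/Volumes/X/" loses its slash
    found=0
    # Read the list line by line so paths are never word-split.
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        target=$root${p%/}
        # -e follows symlinks; -L also catches a dangling link at the path.
        if [ -e "$target" ] || [ -L "$target" ]; then
            if [ -d "$target" ]; then kind=directory; else kind=file; fi
            printf 'FOUND %s %s\n' "$kind" "$target"
            found=$((found + 1))
        fi
    done <<EOF
$PROTON_PATHS
EOF
    PROTON_HITS=$found
    [ "$found" -eq 0 ]
}

# Run directly: sh check_proton.sh [ROOT]
check_proton_iocs "${1:-/}" || echo "Proton artifacts present: $PROTON_HITS" >&2
```

Passing a mount point as ROOT checks that volume, for example a backup disk, instead of the running system.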

Apple and Eltima have disabled the developer ID that was used to sign the Proton-infected software bundle, and Eltima is working with Apple to figure out what happened.

Anyone who was impacted by the malware will need to reinstall macOS to get rid of it. Eltima says it has taken action to prevent further attacks and improve its server security. Clean versions of Elmedia Player and Folx are now available from the Eltima website.

Top Rated Comments

112 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Score: 7 Votes
112 months ago
Since I already suspected Eltima of being some agency outlet, since their software portfolio seems too good and diverse to be true and with deep roots into the system and network level while regularly lacking the last bit of polish, I am not surprised. :cool:

So I guess they are just checking out Apple's internal procedures for further infiltration now. :eek:

Of course, if they're not the dark hats themselves, they are a perfect target due to the same reasons...

But then their strange office address...

Ah, have to hide...

</tinfoil>
Score: 6 Votes
MH01
112 months ago
I had Transmission, their servers got infected.
I had Handbrake, their servers got infected.
I was trying out Elmedia Player, their servers got infected.

.. This is why I only use AppStore apps now. Apple's vetting may not be 100% accurate, but at least they have a vetting process.

Luckily my needs are not very complicated, so I can usually find alternatives on the AppStore.
Please tell us what other software you use :p
Score: 5 Votes
112 months ago
Clean versions of Elmedia Player and Folx are now available from the Eltima website.
optimistic thinking. No one’s downloading this anymore even if it’s fixed.
Score: 5 Votes
msandersen
112 months ago
A timely reminder for me to do a complete system backup with Carbon Copy Cloner, which I was gonna do anyway before upgrading my system. Of course, if I had been infected, it would have been too late, if the only remedy is to reinstall. Drastic measure. At least, once done, you have a clean bootable system to revert to.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Presumably since this is a Trojan backdoor, not only can they control your system remotely, stealing your passwords, files etc, but they can install anything anywhere they want, and you have no way of knowing what, hence a clean install is the only way to be sure.
Score: 3 Votes
Kaibelf
112 months ago
I also bought a License for Little snitch, but to be honest.. I am still learning how to use it, the learning curve isn't easy :(:eek::oops:



Thank you very much for your extremely useful information! :), About malwares in a Mac, I am the newbies on the block :confused:, I have more questions but I am afraid to ask :oops:
Never be afraid to ask! For the most part the people here on MR are nice and if you ask a legitimate question politely one or more people will try to help. We were all newbies once.
Score: 2 Votes
