Mac owners who have recently downloaded Elmedia Player or Folx from Eltima Software may have unwittingly installed malware on their machines, reports ZDNet.

Downloads of Folx and Elmedia player were infected with Proton, a Remote Access Trojan, after Eltima's servers were hacked. The Proton backdoor lets attackers access browser information, keylogs, usernames, passwords, macOS keychain data, and more.

elmediaplayer

In an email to ZDNet, an Eltima spokesperson said that the malware was distributed with downloads as a result of their servers being "hacked" after attackers "used a security breach in the tiny_mce JavaScript library on our server."

The compromised software was discovered on October 19, and customers who downloaded software from Eltima on that date before 3:15 p.m. Eastern Time may be affected by the malware. The following files will be found on an infected system:

- /tmp/Updater.app/
- /Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
- /Library/.rand/
- /Library/.rand/updateragent.app/

Apple and Eltima have disabled the developer ID that was used to sign the Proton-infected software bundle, and Eltima is working with Apple to figure out what happened.

Anyone who was impacted by the malware will need to reinstall macOS to get rid of it. Eltima says it has taken action to prevent against further attacks and improve its server security. Clean versions of Elmedia Player and Folx are now available from the Eltima website.

Top Rated Comments

Makosuke Avatar
96 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Score: 7 Votes (Like | Disagree)
Scooz Avatar
96 months ago
Since I already suspected Eltima of being some agency outlet, since their software portfolio seems too good and diverse to be true and with deep roots into the system and network level while regularly lacking the last bit of polish, I am not surprised. :cool:

So I guess they are just checking out Apple‘s internal procedures for further infiltration now. :eek:

Of course, if they‘re not the dark hats themselves, they are a perfect target due the same reasons...

But then their strange office address...

Ah, have to hide...

</tinfoil>
Score: 6 Votes (Like | Disagree)
Wackery Avatar
96 months ago
Clean versions of Elmedia Player and Folx are now available from the Eltima website.
optimistic thinking. No one’s downloading this anymore even if it’s fixed.
Score: 5 Votes (Like | Disagree)
MH01 Avatar
96 months ago
I had Transmission, their servers got infected.
I had Handbrake, their servers got infected.
I was trying out Elmedia Player, their servers got infected.

.. This is why I only use AppStore apps now. Apple's vetting may not be 100% accurate, but at least they have a vetting process.

Luckily my needs are not very complicated, so I can usually find alternatives on the AppStore.
Please tell us what other software you use :p
Score: 5 Votes (Like | Disagree)
msandersen Avatar
96 months ago
A timely reminder for me to do a complete system backup with Carbon Copy Cloner, which I was gonna do anyway before upgrading my system. Of course, if I had been infected, it would have been too late, if the only remedy is to reinstall. Drastic measure. At least, once done, you have a clean bootable system to revert to.
[doublepost=1508539800][/doublepost]
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
Presumably since this is a Trojan backdoor, not only can they control your system remotely, stealing your passwords, files etc, but they can install anything anywhere they want, and you have no way of knowing what, hence a clean install is the only way to be sure.
Score: 3 Votes (Like | Disagree)
coolfactor Avatar
96 months ago
Anyone who was impacted by the malware will need to reinstall macOS to get rid of it.
That is a heck of a removal procedure. Is there really no way to purge this without a full OS reinstall?
No kidding. I think that's a bit extreme, too. Likely just removing the files and restarting is enough, unless the infection is deeper.
Score: 2 Votes (Like | Disagree)

Popular Stories

oppo find n5 fingers

World's Thinnest Foldable Phone Launches Next Week

Monday February 10, 2025 3:05 am PST by
Oppo has confirmed a February 20 global launch for its Find N5, which the company claims is the world's thinnest device in the foldable phone category. The phone is expected to be re-branded as the OnePlus Open 2 in the US. The Chinese vendor has been teasing the device in the last few weeks, touting its waterproofing and nearly invisible display crease, and highlighting its thinness by compa...
2007 iPhone

Apple Discontinuing This 18-Year-Old iPhone Feature

Saturday February 8, 2025 3:51 pm PST by
The end of an 18-year era is on the horizon for the iPhone. Apple reportedly plans to announce a new iPhone SE as soon as next week, and the device is expected to feature a full-screen design with Face ID, instead of a Touch ID home button. That means Apple will no longer sell any new iPhone models with a home button, for the first time since the original iPhone launched. The home button...
m2 macbook air blue

M4 MacBook Air Release Continues to Appear Imminent

Monday February 10, 2025 10:56 am PST by
There continue to be signs of a new MacBook Air with an M4 chip, indicating that we could see the machine launch in the not too distant future. A private account on X today shared the identifiers that the MacBook Air will use, and those identifiers correspond to the M4 chip. According to the source, both the 13-inch MacBook Air and the 15-inch MacBook Air will be equipped with Apple's...
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.3.1

Monday February 10, 2025 10:04 am PST by
Apple today released watchOS 11.3.1, a minor update to the operating system that runs on the Apple Watch. watchOS 11.3.1 is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.3.1 can be downloaded by opening up the Apple Watch app and going to General > Software Update. To install the new software, the Apple Watch needs to...
sequoia

Apple Releases macOS Sequoia 15.3.1

Monday February 10, 2025 10:11 am PST by
Apple today released macOS Sequoia 15.3.1, a minor update to the macOS Sequoia operating system that came out last September. macOS 15.3.1 comes a few weeks after the launch of macOS Sequoia 15.3. Mac users can download the ‌‌‌macOS Sequoia‌‌‌ update through the Software Update section of System Settings. Apple has also released macOS 13.7.4 and macOS 14.7.4 for those who are...
iPhone SE 4 Thumb 1

'New' iPhone SE Product Listing Appears on French Website

Wednesday February 12, 2025 6:49 am PST by
As the wait continues for Apple's long-rumored, fourth-generation iPhone SE, French electronics retailer Boulanger has prematurely published a product listing for a "new" model of the iPhone SE. The placeholder page says the device is "coming soon," but it offers no further information, and the price shown is obviously not real. The listing was spotted by a reader of the French technology...
Powerbeats Pro 2 Orange

Powerbeats Pro 2 Given to Customer Early, Expected to Debut Tomorrow

Monday February 10, 2025 7:42 am PST by
Apple's long-awaited Powerbeats Pro 2 are finally expected to be announced this Tuesday. Ahead of time, one lucky Walmart customer was able to get their hands on the earbuds early, according to a since-deleted Reddit post over the weekend. A leaked image of the Powerbeats Pro 2 in Electric Orange "My local Walmart had them in the cage," the Reddit user explained. "I asked if I can buy them...
iOS 18

Apple Releases iOS 18.3.1 With Bug Fixes

Monday February 10, 2025 10:09 am PST by
Apple today released iOS 18.3.1 and iPadOS 18.3.1, minor updates for the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.3.1 comes two weeks after Apple released iOS 18.3. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Apple has also released iPadOS 17.7.5 for those still running...
apple silicon mac lineup 2024 feature purple

Apple Increases Mac Trade-In Values for a Limited Time

Sunday February 9, 2025 3:53 pm PST by
Apple today increased its estimated trade-in values for select Mac models in the United States, with the full changes outlined below. Apple says the extra trade-in credit for select Macs is available with the purchase of an eligible new Apple device through April 2. The trade-in values increased by between $10 and $50. Model New Value Old Value MacBook Pro Up to $925 ...