The hackers responsible for the Mac malware OSX.Proton have struck again, this time infecting a copy of the Elmedia Player app that was being distributed from the official Eltima website.

Proton was silently added to Apple's XProtect definitions in early March, and not much was known about it at the time. Then, in May, one of the servers responsible for distributing the popular Handbrake software was hacked, resulting in the distribution of a Proton-infected copy of Handbrake for a four-day period. Now, Eltima Software has fallen victim to a similar attack.

Researchers at ESET discovered the trojanized copy of Elmedia Player on Thursday morning, and Eltima Software eliminated the malware from their servers by that afternoon. At this time, it is still unknown how long their website was providing the hijacked app. However, an unknown number of people have already downloaded the malicious copy of Elmedia Player and will be infected with Proton.

The malicious Elmedia Player app looks completely legitimate, even when opened. This is because the Trojanized app is actually a wrapper, containing the real Elmedia Player application. When the malicious wrapper is opened, it opens the legitimate app as a cover to make it seem like everything is working as expected. In the following screenshot, you can see the contents of the legitimate Elmedia Player app in the lefthand window, compared to the malicious wrapper app on the right.

This is a bit different from the technique used to Trojanize Handbrake. In the case of Handbrake, the software is open source, so the hackers were able to actually compile a malicious copy of the Handbrake app that installed the Proton malware, but otherwise behaved normally. In this case, however, Elmedia Player is not open source, so the hackers changed their methods to open an untampered copy of the real application.

To avoid suspicion by having two different Elmedia Player apps showing up in the Dock, the malicious wrapper app has the following setting in its plist file: LSUIElement. This means that the malicious app is treated as more of a background process, hidden from the Dock and the Force Quit window, eliminating one potential cause for user suspicion.

The only place that the malicious application differs from the legitimate one, as with the Handbrake hack, is a password request when the app launches.
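The two traits described above, a bundle that hides itself with LSUIElement in its Info.plist while carrying a second, complete .app inside its Contents folder, make a simple triage heuristic for a suspicious download. The following is an added example, not code from ESET, Eltima or the original post; it builds two constructed, empty-binary bundles (a clean one and a wrapper-style one) in a temporary directory and flags only the wrapper.

```python
"""Wrapper-bundle heuristic (added example): flag an .app that both sets
LSUIElement and nests another .app bundle, the pattern of the Proton wrapper."""
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional


def nested_app_bundles(app: Path) -> List[Path]:
    """Return any .app bundles found anywhere below the bundle's Contents dir."""
    contents = app / "Contents"
    if not contents.is_dir():
        return []
    return sorted(p for p in contents.rglob("*.app") if p.is_dir())


def is_ui_element(app: Path) -> bool:
    """True when Info.plist asks LaunchServices to hide the app (LSUIElement)."""
    info = app / "Contents" / "Info.plist"
    if not info.is_file():
        return False
    with info.open("rb") as fh:
        value = plistlib.load(fh).get("LSUIElement", False)
    # Documented as boolean, but older bundles store it as the string "1".
    return value in (True, 1, "1", "YES")


def looks_like_wrapper(app: Path) -> bool:
    """Suspicious = hidden background app that also ships a full app inside."""
    return is_ui_element(app) and bool(nested_app_bundles(app))


def make_sample(root: Path, ui_element: bool, nested: Optional[str]) -> Path:
    """Build a constructed test bundle (stub plist, no executable code)."""
    app = root / "Elmedia Player.app"
    (app / "Contents" / "MacOS").mkdir(parents=True)
    plist = {"CFBundleExecutable": "stub"}
    if ui_element:
        plist["LSUIElement"] = True
    with (app / "Contents" / "Info.plist").open("wb") as fh:
        plistlib.dump(plist, fh)
    if nested:  # the wrapper carries the real app inside Resources
        (app / "Contents" / "Resources" / nested / "Contents").mkdir(parents=True)
    return app


def demo() -> Dict[str, bool]:
    """Check a clean and a wrapper-style bundle; returns label -> flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = make_sample(Path(tmp) / "clean", False, None)
        wrapper = make_sample(Path(tmp) / "dropped", True, "Elmedia Player.app")
        return {"clean": looks_like_wrapper(clean), "wrapper": looks_like_wrapper(wrapper)}


if __name__ == "__main__":
    for label, flagged in demo().items():
        print(f"{label}: {'SUSPICIOUS' if flagged else 'ok'}")
```

Run it against a real bundle with `looks_like_wrapper(Path("/Applications/Elmedia Player.app"))`; a hit is a reason to verify the download's hash and signature, not proof of infection on its own, since some legitimate helper apps also set LSUIElement.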