Developers of popular transcoding tool, Handbrake, issued an urgent message on Saturday warning its users that one of its download servers have been compromised. The original installation file has been replaced with one that may be laced with a malware.
The notice is directed towards users who have downloaded Handbrake on Mac between May 2 and May 6. If you fall within the specified group, then there’s a 50% chance of having a malware installed on your Mac. The developers urge its users to verify the installation file’s checksum, a number generated to ensure the integrity of the file, before running it. For those who have already installed the program, check to see if there’s a process called “Activity_agent” in the OSX activity Monitor. If such process exists, then your machine is infected.
The malware is a breed of the OSX.PROTON trojan, which opens backdoors for other malware to infect your machine.
The infected mirror has been removed following the notice, and instructions on how to remove the malware have been provided here.
Source: Handbrake Forum