Source code of several Panic apps stolen via HandBrake malware

Posted in General Discussion
In a blog post on Wednesday, Panic developer Steven Frank said he inadvertently downloaded a malware-infected version of popular transcoding software HandBrake, which was targeted in a hack last week, leading to the theft of "quite a bit" of source code related to several of his company's apps.

According to Frank, the incident occurred during a three-day window in early May when a hacked HandBrake mirror server was distributing malware-infested versions of the transcoding app. Instead of legitimate software, users who downloaded the app during that window were served a variant containing malware identified as OSX/Proton.A, which uses admin privileges to remotely access and control a target Mac.

Frank installed the hacked HandBrake build on a personal computer, granting the attackers access to sensitive data such as his GitHub credentials. By the time news of the HandBrake hack broke, Frank's credentials had already been used to log in and clone several source code repositories relating to unnamed Panic apps.

Panic markets a handful of popular apps for Mac and iOS including the Coda web editor, Transmit FTP client, Prompt SSH client and adventure game Firewatch.

The attacker confirmed the theft in an email demanding a large Bitcoin ransom to prevent the release of gathered source code. Panic has no plans of paying up.

As Frank notes in his blog post, company logs show no indication that customer information was leaked, nor did the attacker gain access to Panic Sync data. Additionally, Panic's web server was not compromised.

After an all-hands meeting discussing worst-case scenarios, Frank and his team concluded there would be no real danger if the source code were released. Panic assumes the attackers will attempt to create and distribute malware-infected versions of Panic apps, so the company is working with Apple to disable illegitimate versions as they pop up.

As part of the effort to thwart potential malware distribution, Apple has technicians "standing by to quickly shut down any stolen/malware-infested versions of our apps that we may discover," Frank said. The FBI is also investigating Panic's hack.

For now, Panic urges users to download and install its apps only from Panic's own website or the Mac App Store. Further, the team asks users to alert them of any tainted Panic software or source code spotted in the wild.
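The incident described above hinged on a download mirror handing some users a tampered build while the project's own site was untouched. The defensive counterpart to "only download from the official source" is to verify a downloaded artifact against a hash published out of band before installing it, and, where several mirrors are in use, to refuse any artifact the mirrors disagree on. The script below is an added example, not code from Panic, HandBrake or the article; the installer bytes, mirror names and the "published" hash are constructed samples, and the mirror map simply models what each server returned.

```python
import hashlib
import hmac
from typing import Dict

# Constructed sample artifacts standing in for the bytes an installer download
# would return from two mirrors. These are NOT real HandBrake builds.
CLEAN_BUILD = b"HandBrake-installer.dmg: clean build bytes (constructed sample)"
TAMPERED_BUILD = CLEAN_BUILD + b"\nextra payload appended by a compromised mirror (constructed)"

# In practice this value comes from the project's download page or release notes,
# fetched over a separate channel from the artifact itself. Here it is derived from
# the constructed clean sample so the example runs offline.
PUBLISHED_SHA256 = hashlib.sha256(CLEAN_BUILD).hexdigest()

# Constructed view of what each mirror served during the incident window.
MIRRORS: Dict[str, bytes] = {
    "mirror-a.example": CLEAN_BUILD,
    "mirror-b.example": TAMPERED_BUILD,
}


def sha256_of_bytes(data: bytes, chunk_size: int = 1 << 20) -> str:
    """Hash an artifact in chunks so large installers do not need to sit in memory twice."""
    h = hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Same check for an on-disk download (the form you would actually use)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(data: bytes, expected_sha256: str) -> bool:
    """True only if the artifact's SHA-256 matches the published value."""
    actual = sha256_of_bytes(data)
    # compare_digest avoids leaking which prefix of the hash matched; harmless here,
    # but it is the idiomatic way to compare digests.
    return hmac.compare_digest(actual.lower(), expected_sha256.strip().lower())


def classify_mirrors(served: Dict[str, bytes], expected_sha256: str) -> Dict[str, str]:
    """Label each mirror 'ok' or 'mismatch' against the published hash."""
    return {
        name: ("ok" if verify_download(blob, expected_sha256) else "mismatch")
        for name, blob in served.items()
    }


def safe_to_install(served: Dict[str, bytes], expected_sha256: str) -> bool:
    """Install only when every mirror agrees with the published hash.

    A single disagreeing mirror is treated as a compromise signal for the whole
    distribution set, not just for the users who happened to hit that mirror.
    """
    verdicts = classify_mirrors(served, expected_sha256)
    return bool(verdicts) and all(v == "ok" for v in verdicts.values())


if __name__ == "__main__":
    for mirror, verdict in classify_mirrors(MIRRORS, PUBLISHED_SHA256).items():
        print(f"{mirror}: {verdict}")
    print("safe to install:", safe_to_install(MIRRORS, PUBLISHED_SHA256))
```

The hash must come from somewhere the attacker who controls the mirror cannot also edit; a checksum file sitting next to the artifact on the same compromised mirror proves nothing. A code-signature check by the operating system (Gatekeeper on macOS) is a complementary control, since a tampered bundle will not carry the developer's valid signature.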

Comments

  • Reply 1 of 11
    welshdog (Posts: 1,897, member)
    That is really unfortunate. I love Transmit, but nowadays hardly ever use it.
    I hope they can move forward from this.
  • Reply 2 of 11
    MacPro (Posts: 19,727, member)
    welshdog said:
    That is really unfortunate. I love Transmit, but nowadays hardly ever use it.
    I hope they can move forward from this.
    Totally agree with your sentiments, Panic is the best FTP software I've ever used.
  • Reply 3 of 11
    I love and regularly use their iOS SSH terminal, this app is awesome.
  • Reply 4 of 11
    lowededwookie (Posts: 1,143, member)
    Pity they took Coda off the Mac App Store
  • Reply 5 of 11
    Not a great time to have your company called "panic."
  • Reply 6 of 11
    MacPro (Posts: 19,727, member)
    Not a great time to have your company called "panic."
    LOL, sad but true.  Hopefully they haven't.
  • Reply 7 of 11
    jkichline (Posts: 1,369, member)
    I guess they picked the right company name! /s

    I use Panic Coda and love it.  I sure hope they get this resolved.  I got an upgrade notice for Handbrake and didn't install after I heard of all these shenanigans.
  • Reply 8 of 11
    jkichline said:
    I guess they picked the right company name! /s

    I use Panic Coda and love it.  I sure hope they get this resolved.  I got an upgrade notice for Handbrake and didn't install after I heard of all these shenanigans.

    I think you're ok if you use the update feature within Handbrake.  Please correct me if I'm wrong, but I thought the only people who got screwed downloaded it manually from some other site.
  • Reply 9 of 11
    krawall (Posts: 162, member)

    I think you're ok if you use the update feature within Handbrake.  Please correct me if I'm wrong, but I thought the only people who got screwed downloaded it manually from some other site.
    One of their download mirrors got hacked. When you clicked to download (on their page) you had a 50% chance of getting the infected version.

    I downloaded it a few days earlier and had luck. Handbrake and AI posted instructions on how to find out and get rid of it if you were infected.
  • Reply 10 of 11
    This is disgusting. Two-factor authentication on the developer's GitHub account could have avoided this. Lesson learned: don't be so careless with your accounts.
  • Reply 11 of 11
    lowededwookie (Posts: 1,143, member)
    krawall said:

    I think you're ok if you use the update feature within Handbrake.  Please correct me if I'm wrong, but I thought the only people who got screwed downloaded it manually from some other site.
    One of their download mirrors got hacked. When you clicked to download (on their page) you had a 50% chance of getting the infected version.

    I downloaded it a few days earlier and had luck. Handbrake and AI posted instructions on how to find out and get rid of it if you were infected.
    Randominternetperson is correct. The issue only affected those who downloaded it from the site, not those who updated using the app, so long as they were using version 1.0 of the app and not earlier versions.