Source code of several Panic apps stolen via HandBrake malware

Posted:
in General Discussion
In a blog post on Wednesday, Panic developer Steven Frank said he inadvertently downloaded a malware-infected version of popular transcoding software HandBrake, which was targeted in a hack last week, leading to the theft of "quite a bit" of source code related to several of his company's apps.




According to Frank, the incident occurred during a three-day window in early May when a hacked HandBrake mirror server was distributing malware-infested versions of the transcoding app. Instead of legitimate software, users who downloaded the app during this crucial period were served a variant containing malware identified as OSX/Proton.A, which uses admin privileges to remotely access and control a target Mac.

Frank installed the hacked HandBrake assets on a personal computer, granting nefarious actors access to sensitive data like Github credentials. When news of the HandBrake hack broke, Frank's information had already been used to login and clone several source code repositories relating to unnamed Panic apps.

Panic markets a handful of popular apps for Mac and iOS including the Coda web editor, Transmit FTP client, Prompt SSH client and adventure game Firewatch.

The attacker confirmed the theft in an email demanding a large Bitcoin ransom to prevent the release of gathered source code. Panic has no plans of paying up.

As Frank notes in his blog post, company logs show no indication that customer information was leaked, nor did the attacker gain access to Panic Sync data. Additionally, Panic's web server was not compromised.

After an all-hands meeting discussing worst case scenarios, Frank and his team concluded there would be no real danger if the source code was released. Panic assumes the attackers will attempt to create and distribute malware-infected versions of Panic apps, so the company is working with Apple to disable illegitimate versions as they pop up.

As part of the effort to thwart potential malware distribution, Apple has technicians "standing by to quickly shut down any stolen/malware-infested versions of our apps that we may discover," Frank said. The FBI is also investigating Panic's hack.

For now, Panic urges users to download and install apps only from their website or the Mac App Store. Further, the team asks users to alert them of any tainted Panic software or source code spotted in the wild.

Comments

  • Reply 1 of 11
    welshdogwelshdog Posts: 1,663member
    That is really unfortunate. I love Transmit, but nowadays hardly ever use it.
    I hope they can move forward from this.
    lostkiwipropodjSnively
  • Reply 2 of 11
    MacProMacPro Posts: 18,167member
    welshdog said:
    That is really unfortunate. I love Transmit, but nowadays hardly ever use it.
    I hope they can move forward from this.
    Totally agree with your sentiments, Panic is the best FTP software I've ever used. 
    lostkiwi
  • Reply 3 of 11
    I love and regularly use their iOS SSH terminal, this app is awesome.
  • Reply 4 of 11
    Pity they took Coda off the Mac App Store
  • Reply 5 of 11
    Not a great time to have your company called "panic."
    jbdragon
  • Reply 6 of 11
    MacProMacPro Posts: 18,167member
    Not a great time to have your company called "panic."
    LOL, sad but true.  Hopefully they haven't.
  • Reply 7 of 11
    jkichlinejkichline Posts: 1,333member
    I guess they picked the right company name! /s

    I use Panic Coda and love it.  I sure hope they get this resolved.  I got an upgrade notice for Handbrake and didn't install after I heard of all these shenanigans.
  • Reply 8 of 11
    jkichline said:
    I guess they picked the right company name! /s

    I use Panic Coda and love it.  I sure hope they get this resolved.  I got an upgrade notice for Handbrake and didn't install after I heard of all these shenanigans.

    I think you're ok if you use the update feature within Handbrake.  Please correct me if I'm wrong, but I thought the only people who got screwed downloaded it manually from some other side,
  • Reply 9 of 11
    krawallkrawall Posts: 157member

    I think you're ok if you use the update feature within Handbrake.  Please correct me if I'm wrong, but I thought the only people who got screwed downloaded it manually from some other side,
    One of their download mirrors got hacked. When you clicked to download (on their page) you had a 50% chance of getting the infected version. 

    I've downloaded it a few days earlier and had luck. Handbrake and AI posted instructions how to find out and get rid of it if you were infected 
  • Reply 10 of 11
    This is disgusting. Two-factor authentication of the developer's GitHub account could of avoided this. Lesson learned: don't be so careless with your accounts.
  • Reply 11 of 11
    krawall said:

    I think you're ok if you use the update feature within Handbrake.  Please correct me if I'm wrong, but I thought the only people who got screwed downloaded it manually from some other side,
    One of their download mirrors got hacked. When you clicked to download (on their page) you had a 50% chance of getting the infected version. 

    I've downloaded it a few days earlier and had luck. Handbrake and AI posted instructions how to find out and get rid of it if you were infected 
    Randominternetperson is correct. The issue only affected those that downloaded it from the site and not those that updated using the app so long as they were using version 1.0 of the app not earlier versions.
Sign In or Register to comment.