Malware found in HandBrake open source video transcoder for Mac

Published:

About the issue

Some copies of the HandBrake app downloaded between May 2 and May 6 contained malware called Proton. The malware copies data from your Mac, including your encrypted 1Password data, and sends it to the malware operator.

1Password was designed to protect you if your data is stolen in situations like this. Any stolen data is encrypted and useless to the thief unless they know your 1Password account password.

Determine if you’re affected

You’re only affected if:

  • you downloaded the Mac version of HandBrake
  • you downloaded HandBrake between May 2 and May 6, 2017

If you never downloaded HandBrake, downloaded it on a different platform, or downloaded it outside of those dates, you’re not affected.

If you’re affected, you should first remove the malware, then determine if you need to take further steps to protect your data.

Remove the malware

To remove the Proton malware, download and run Malwarebytes for Mac   .

Take additional precautions

If your 1Password account password is weak, or you’re concerned that it might be known to the attacker, you should follow these steps. The weaker your account password, the sooner you should change your passwords.

  • Change important passwords. Change passwords for your email accounts, financial sites, and account passwords for any other vaults or accounts. Learn how to change your passwords.
  • Change your 1Password account password. Changing your 1Password account password won’t protect data that was already captured, but it will protect against future attacks. Learn how to change your account password.

Important

If you use Touch ID on a Mac, do not skip these additional precautions. The attackers may be able to view your stolen data if they were able to capture your macOS password.

To stay safe in the future:

  • Use a strong, unique 1Password account password. There’s never a bad time to increase your security. Adding an additional letter, number, or word to your 1Password account password increases your security exponentially.
  • Avoid unsigned apps. Install apps signed by reputable developers.

Learn more