Handbrake Malware Attack Steals Panic Apps’ Source Codes

On May 16, 2017, the successful Mac and iOS software developer Panic had source code for many of its apps stolen as a result of a malware attack. Panic’s founder, Steven Frank, announced the news in a blog post on Panic’s site.

After the hack and theft had taken place, Panic received an email demanding a ransom of an unspecified amount of Bitcoin. However, Panic did not pay this ransom.

They have made the FBI and Apple aware of what has taken place, and have taken steps to nullify the effects of the hack.

Who is Panic?

Panic is a software company based in Portland, Oregon. It was founded in 1998 by Steven Frank and Cabel Sasser.

Panic has developed a number of popular software apps for Apple’s desktop and mobile operating systems. These include the FTP client Transmit, the web editor Coda, and the video game Firewatch.

How did Panic Get Hacked?

On May 2nd, an unknown hacking group managed to hack the video encoding app, Handbrake. The Mac version of Handbrake obtainable from one of the site’s servers was replaced by a malware-infested copy.

The malware on this copy of Handbrake was called Proton RAT. It allows hackers to monitor keystrokes and remotely upload and download files to infected machines.

Panic founder Steven Frank unfortunately downloaded this infected version of Handbrake and installed it on his computer. Ironically, he thought something might be wrong when Handbrake asked him for admin privileges, but he granted them anyway. His Mac was immediately infected.



Why Was Panic Hacked?

The motivations behind the hack are unknown, but hacks are usually an attempt to extort money, gain kudos in the hacking world, and see what else the hackers can take from snooping around in other people’s computers.

The hackers who infiltrated Panic weren’t planning to attack them specifically. They just landed an extremely big fish. However, they realized pretty quickly what they had caught.

Before news of the Handbrake hack broke and Steven Frank realized what had happened, the hackers had got on to Frank’s computer and stolen much of the source code from Panic’s extremely popular apps.

This could allow them to clone Panic’s apps, potentially loading them with more malware, creating a vicious cycle. Sensing Panic’s desire to get their code back, they sent their ransom email.

Is it fixed now?

As soon as he realized what had happened, Steven Frank took his Mac out of commission and changed all of his passwords. The team at Panic moved quickly to change the infrastructure of their servers to prevent anything else being stolen.

Panic decided not to pay the ransom, as they could not trust that the hackers would actually return the code to them if they paid. You don’t negotiate with criminals. Instead, they notified the FBI and Apple, who would need to be vigilant about cloned apps appearing in the App Store. Apple also helped Panic shut down and restart their developer account.

Does this affect me?

The short answer is, no, it shouldn’t, even if you use Panic’s products on a regular basis. Panic has said that no customer data was taken during the hack. All the loopholes have since been closed.

If you are a Panic customer, make sure you update your software from official sources rather than third-party sites. There may be cloned versions of Panic’s apps out there somewhere, so make sure you’re not fooled into downloading any of them.

It pays to be vigilant, so look out for anything that seems amiss with your software. Don’t be like Steven Frank.

If you’re a Handbrake user and you updated your software between May 2 and May 6, it may be worth looking into this too.



What’s next?

The hackers still have Panic’s source code, but as long as every user sticks to official sources when they update, it is useless. They don’t have their ransom money either. One thing we do know is that hackers will always be experimenting with new ways to commit crimes online, and the rest of us need to stay alert.

Panic will keep developing and improving their software so eventually the source code that was stolen will be rendered obsolete. As for Steven Frank, I suspect he’ll be more careful too.

Stay with us at Web Hosting Sun for more news, as well as advice on how to stay safe online.
