Supply Code for A number of Panic Apps Stolen by way of HandBrake Malware Assault


In early Could, a mirror obtain server internet hosting fashionable Mac transcoder app HandBrake was hacked, and the official model of HandBrake was changed with a model contaminated with OSX.PROTON, a distant entry trojan giving hackers root-access privileges to a Mac.

In a weblog publish shared in the present day, Panic Inc. developer and co-founder Steven Frank mentioned he downloaded the contaminated model of HandBrake, which led to the theft of a lot of the supply code behind Panic’s apps. Panic gives a number of apps, together with net editor Coda, FTP app Transmit, SSH shopper Immediate, and Firewatch, an journey recreation.

Hackers accessed Frank’s laptop by means of the contaminated HandBrake software program and have been in a position to receive his usernames and passwords, together with login info for Github. A number of supply code repositories have been cloned by the attackers, who’ve demanded “a big bitcoin ransom” to cease the discharge of the supply code, a ransom Panic doesn’t intend to pay.

Whereas Panic’s supply code has been stolen, the corporate says cautious evaluation of its logs signifies that the theft was the extent of the injury – the hacker didn’t entry buyer info or Panic Sync Information.

– There is not any indication any buyer info was obtained by the attacker.
– Moreover, there is no indication Panic Sync information was accessed.
– Lastly, our net server was not compromised.

(As a reminder, we by no means retailer bank card numbers since we course of them with Stripe, and all Panic Sync information is encrypted in such a manner that even we will not see it.)

In accordance with Panic, the supply code for the apps may probably be utilized by hackers to create malware-infected builds of the corporate’s apps, so customers needs to be vigilant and obtain Panic apps solely from the corporate’s web site or the Mac App Retailer.

Panic has been involved with each the FBI and Apple. Apple’s safety crew is “standing by to rapidly shut down any stolen/malware-infested variations” of Panic apps which might be found, whereas the FBI is actively investigating the assault.

Panic is asking prospects to inform the corporate of any unofficial or cracked variations of Panic apps which might be found within the wild, as any such content material is probably going contaminated with malware.

Iphone 7, Iphone eight, iPad, Macbook