Download elmedia player mac
1/10/2024

Our researchers noticed that the makers of the Elmedia Player software have been distributing a version of their app trojanized with the OSX/Proton malware.

On 19 October 2017, ESET researchers noticed that Eltima, the makers of the Elmedia Player software, were distributing a version of their application trojanized with the OSX/Proton malware on their official website. ESET contacted Eltima as soon as the situation was confirmed. Eltima was very responsive and maintained excellent communication with us throughout the incident.

- 10:35am EDT: Eltima informed via email.
- 2:25pm EDT: Eltima acknowledged the issue and initiated remediation efforts.
- 3:10pm EDT: Eltima confirms their infrastructure is cleaned up and serving the legitimate applications again.
- 10:12am EDT: Eltima publishes an announcement about the event.
- 12:15pm EDT: Added references to Folx, which was also distributed with the Proton malware.

Note: This blog was initially posted despite our research being incomplete. Hence, this information is preliminary and the blogpost will be updated as new facts emerge.

## Am I compromised?

ESET advises anyone who downloaded Elmedia Player or Folx software recently to verify whether their system is compromised by testing for the presence of any of the following files or directories:

If any of them exists, it means the trojanized Elmedia Player or Folx application was executed and that OSX/Proton is most likely running.

As far as we know, the trojanized version of the application was only downloadable from the Eltima website, between 08:00 and 15:15 EDT on 19 October 2017. If you downloaded that software on October 19th before 3:15pm EDT and ran it, you are likely compromised. The built-in automatic update mechanism seems unaffected.

## What does the malicious payload do to a compromised system?

OSX/Proton is a backdoor with extensive data-stealing capabilities. It gains persistence on the system and can steal the following:

- Operating system details: hardware serial number (IOPlatformSerialNumber), full name of the current user, hostname, System Integrity Protection status (csrutil status), gateway information (route -n get default | awk '/gateway/'), current time and timezone.
- Browser information from Chrome, Safari, Opera and Firefox: history, cookies, bookmarks, login data, etc.
- Bitcoin Core: ~/Library/Application Support/Bitcoin/wallet.dat
- Armory: ~/Library/Application Support/Armory
- macOS keychain data, using a modified version of chainbreaker
- Tunnelblick VPN configuration (~/Library/Application Support/Tunnelblick/Configurations)
- 1Password data (~/Library/Application Support/1Password 4 and ~/Library/Application Support/1Password 3.9)

As with any compromise of an administrator account, a full OS reinstall is the only sure way to get rid of the malware.
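An added triage helper for the incident described above, written for this page and not ESET's or Eltima's code: it reports which of the data stores listed above exist under a home directory (so a responder knows which secrets to rotate), checks indicator paths supplied by the caller in a file (the advisory's list of files to test for is not reproduced on this page, so the script does not hard-code any), and tests a download timestamp against the 08:00-15:15 EDT exposure window. The Library/Keychains path is an assumption; the other paths are the ones the advisory names.

```shell
#!/bin/sh
# Added triage helper for the Elmedia Player / OSX/Proton incident; not
# ESET's or Eltima's code. Inventories exposed data stores, checks
# caller-supplied indicator paths, and tests a download time.

# Exposure window from the advisory: 19 Oct 2017, 08:00-15:15 EDT (UTC-4),
# expressed as UTC epoch seconds.
WINDOW_START=1508414400   # 2017-10-19 12:00:00 UTC
WINDOW_END=1508440500     # 2017-10-19 19:15:00 UTC

# Data stores named in the advisory, relative to the home directory.
# Library/Keychains is an assumption: the advisory only says "keychain data".
PROTON_TARGETS='Library/Application Support/Bitcoin/wallet.dat|Bitcoin Core wallet
Library/Application Support/Armory|Armory wallet
Library/Application Support/Tunnelblick/Configurations|Tunnelblick VPN configurations
Library/Application Support/1Password 4|1Password 4 data
Library/Application Support/1Password 3.9|1Password 3.9 data
Library/Keychains|macOS keychain'

# proton_exposed_stores HOME_DIR: print the label of every listed store that
# exists, i.e. the secrets to rotate if the host turns out to be infected.
proton_exposed_stores() {
    printf '%s\n' "$PROTON_TARGETS" | while IFS='|' read -r rel label; do
        [ -e "$1/$rel" ] && printf '%s\n' "$label"
    done
    return 0
}

# proton_ioc_hits LISTFILE: LISTFILE holds one absolute path per line
# (PLACEHOLDER: fill it from ESET's advisory; this page does not reproduce
# the list). Prints every path that exists; exit 0 if any did, 1 otherwise.
proton_ioc_hits() {
    status=1
    while IFS= read -r p; do
        if [ -n "$p" ] && [ -e "$p" ]; then printf '%s\n' "$p"; status=0; fi
    done < "$1"
    return "$status"
}

# in_exposure_window EPOCH: exit 0 if a download timestamp (UTC epoch
# seconds, e.g. from the file's date-added metadata) falls in the window.
in_exposure_window() {
    [ "$1" -ge "$WINDOW_START" ] && [ "$1" -le "$WINDOW_END" ]
}

# When run directly: inventory the current user's exposed data stores.
echo "Data stores OSX/Proton would collect from $HOME:"
proton_exposed_stores "$HOME"
```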