HandBrake Urges Mac Users To Verify Recent Download, Says Mirror Server Was Compromised

HandBrake team, writing on their forum: Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it. Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you've downloaded HandBrake during this period. If you see a process called "Activity_agent" in the OSX Activity Monitor application. You are infected. HandBrake is a popular, open-source video conversion tool. The team hasn't issued any advisory for Windows users.

Actibity_agent

Do not confuse Activity_agent with "Activity Monitor", which is a perfectly legitimate process and part of the core Mac OS tools.
The trojan was likely named thus in order to maximize the potential for confusion.

Summary from Article

[CanadianMacFan]

- HandBrake-1.0.7.dmg was replaced by another unknown malicious file that DOES NOT match the SHA1 / SHA256 hashes on our website or on our Github Wiki which mirrors these: https://github.com/HandBrake/H...

- The Affected Download mirror (download.handbrake.fr) has been shutdown for investigation.

- The Primary Download Mirror and website were unaffected.

- Downloads via the applications built-in updater with 1.0 and later are unaffected. These are verified by a DSA Signature and will not install if they don't pass.

- Downloads via the applications built-in updater with 0.10.5 and earlier did not have verification so you should check your system with these older releases