Mac Users Targeted By Malware Unwittingly Distributed By A Popular Media Player

ESET says it found the OSX/Proton malware in a version of Eltima’s media player

A type of malware that targets Mac users has been unknowingly distributed by the maker of popular MacOS and Windows apps, according to cybersecurity vendor ESET.

Overnight, ESET said its researchers discovered a version of Eltima’s Elmedia Player software, available through Eltima’s official website, that was “trojanized” with the OSX/Proton malware. It is not yet known who hijacked Eltima’s software with the malware.

ESET informed Eltima of the issue with its Elmedia Player immediately, and within hours Eltima confirmed it had removed the version of its media player bundled with the malware and resumed serving a legitimate application.

“As far as we know, only the version downloaded from the Eltima website contains the trojanized application. The built-in automatic update mechanism seems unaffected,” said ESET.

‘Data stealing capabilities’

Silicon contacted Eltima in Europe but was told the company had no personnel to deal with press. ESET said Eltima was very responsive and “maintained an excellent communication with [ESET] throughout the incident”. The OSX/Proton malware is a backdoor with data stealing capabilities discovered earlier in 2017. It can steal operating system details and browser information from a plethora of web browsers, and can infiltrate cryptocurrency wallets including Electrum and Bitcoin Core.

If you’re an Elmedia user and are worried that your machine may have been compromised, ESET outlines the steps to take in a post on its We Live Security blog. Silicon has contacted ESET for more information.

“If you have downloaded that software on October 19th before 3:15pm EDT and run it, you are likely compromised,” said ESET. “As with any compromission with an administrator account, a full OS reinstall is the only sure way to get rid of the malware. Victims should also assume at least all the secrets outlined in the previous section are compromised and take appropriate measures to invalidate them.”
