Source Code for Several Panic Apps Stolen via HandBrake Malware Attack

Discussion in 'Mac Blog Discussion' started by MacRumors, May 17, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac.

    In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.

    [​IMG]

    Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.

    While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.
    According to Panic, the source code for the apps could potentially be used by hackers to create malware-infected builds of the company's apps, so users should be vigilant and download Panic apps only from the company's website or the Mac App Store.

    Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.

    Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.

    Article Link: Source Code for Several Panic Apps Stolen via HandBrake Malware Attack
     
  2. noah82 macrumors 6502a

    noah82

    Joined:
    Oct 16, 2008
    Location:
    San Diego, CA
  3. markfc macrumors 6502a

    markfc

    Joined:
    Sep 18, 2006
    Location:
    Prestatyn, Wales, UK
    #3
    Probably an idea to just give it away now. If it's free from their site it won't be downloaded elsewhere.
     
  4. codewrangler macrumors member

    codewrangler

    Joined:
    Jun 17, 2009
    Location:
    Dallas, TX
  5. mw360 macrumors 65816

    mw360

    Joined:
    Aug 15, 2010
    #5
    Any excuse for some freebies...
     
  6. thogin macrumors member

    thogin

    Joined:
    Mar 27, 2011
  7. rudychidiac Suspended

    rudychidiac

    Joined:
    May 2, 2012
    Location:
    Lebanon
    #7
    I hope they will be alright.
    --- Post Merged, May 17, 2017 ---
    What a terrible idea...
     
  8. DCYorke macrumors member

    Joined:
    Apr 7, 2010
    #8
    I agree that sometimes the App Store feels restrictive, but this is how Panic got the virus, because Handbrake isn't available on the App Store.
     
  9. Zedcars macrumors 6502

    Zedcars

    Joined:
    Apr 5, 2010
    Location:
    Brighton, UK
    #9
    If you download from elsewhere and get malware then, frankly (no pun intended), you deserve everything you get!
     
  10. thisisnotmyname macrumors 65816

    thisisnotmyname

    Joined:
    Oct 22, 2014
    Location:
    known but velocity indeterminate
    #10
    So I know there are legitimate reasons to use Handbrake (I used it myself to create electronic versions of physical media I own) but I also know that there are probably more Handbrake users involved in piracy than not. I just say this as it would be ironic if that leads to piracy of Panic products.

    In any case, I'm a Coda owner (paid for) and user and I hope this doesn't end badly for him.
     
  11. Mascots macrumors 65816

    Mascots

    Joined:
    Sep 5, 2009
    #11
    While I'm interested to see the source of some of their apps for curiosities sake, I certainly don't condone this :(
     
  12. atmenterprises macrumors regular

    Joined:
    Jan 28, 2006
    #12
    +1. Love my (paid for) version of Coda and Panic in general.
     
  13. canadianreader macrumors 6502

    canadianreader

    Joined:
    Sep 24, 2014
    #13
    I really like Panic apps I bought both Coda and Transmit my only regret is when they pulled out Coda from the AppStore and made it only available thru their website. Maybe be it's time to put it back on the app store
    Anyway they don't deserve this and they have my empathy and compassion for what they're going thru.
     
  14. supercres macrumors member

    Joined:
    Jun 12, 2003
    Location:
    Philadelphia, PA
    #14
    This seemed like the obvious solution to me too. Unclear why only half-serious, or why they decided against it.
     
  15. HarryPot macrumors 6502a

    Joined:
    Sep 5, 2009
    #15
    Just increases my hate towards hackers.
    I love Coda. Use it daily.

    Anyways, I don't think this will hurt them that much in their sales.

    As they said, that code will quickly become useless without updates. And also as they said, a cracked version of their app was already out there.
    --- Post Merged, May 17, 2017 ---
    I think it is the opposite.

    Now people will think twice before downloading a cracked version of their apps. And few serious developers will go into the trouble of downloading the code from hackers.
     
  16. MichaelQ macrumors newbie

    Joined:
    Nov 17, 2007
    #16
    If apps like Handbrake were allowed in the App Store this wouldn't have been a problem in the first place.
     
  17. TMRJIJ macrumors 68020

    TMRJIJ

    Joined:
    Dec 12, 2011
    Location:
    South Carolina, United States
    #17
    [exhales and shakes head]
     
  18. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #18
    HandBrake is GPL-licensed software. Apple’s terms and conditions are at odds with this licence.

    They don’t even need the App Store, all they need is a developer certificate to code-sign their releases. As it turns out, they don’t even have this and it doesn’t appear that this is going to change soon.
     
  19. Michaelgtrusa macrumors 604

    Michaelgtrusa

    Joined:
    Oct 13, 2008
    Location:
    Everywhere And Nowhere
    #19
    It's only a matter of time before someone like Videolane or Mozilla get hacked.
     
  20. Stella macrumors 604

    Stella

    Joined:
    Apr 21, 2003
    Location:
    Canada
    #20
    There are many great applications out there that cannot be added to the app store due to Apple restrictions.

    In many cases it would not be possible to modify these applications accordingly.

     
  21. zorinlynx macrumors 601

    zorinlynx

    Joined:
    May 31, 2007
    Location:
    Florida, USA
    #21
    Yeah, that's the biggest problem, and it's why the Mac App Store hasn't caught on more than it has. Apple requires all MAS apps to enable sandboxing, which greatly limits what a Mac application can do, among other issues.

    Apple never should have applied the same policy to Mac App Store apps as they did to the iOS App Store. Macs are full-fledged general purpose computers with a different usage scenario than iOS devices; treating them both the same for app policy is short-sighted.

    I remember when there were a far greater variety of apps in the Mac App Store, then Apple tightened the policies and a bunch of app developers jumped ship, distributing directly instead. It's a shame because the store was a good idea, just poorly executed.
     
  22. CarlJ macrumors 68000

    CarlJ

    Joined:
    Feb 23, 2004
    Location:
    San Diego, CA, USA
    #22
    If it was downloaded for legit use, how would it be ironic?

    Evil people suck.
     
  23. OldSchoolMacGuy Suspended

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #23
    These apps are how these folks make their living. I suggest you give away all the work you do and take $0 pay to see how it'd feel.
     
  24. mandrake2016 macrumors newbie

    Joined:
    Jun 24, 2016
    #24
    I've enjoyed Coda in the past, but I'm curious why people continue to use it, when I think lots of competing IDEs seem to have lapped it?

    If you're going with paid apps then I think JetBrains has one of the best suites.

    As much as I've come to dislike Adobe, their Edge/Brackets is a nice free html/css/js lightweight editor without the creative cloud bloat.

    VS Code and Atom are great overall options getting better and better.

    CodeAnywhere is an awesome solution that replaced everything Coda did for me, and there are lots of visual database tools to choose from...
     
  25. roland.g macrumors 603

    roland.g

    Joined:
    Apr 11, 2005
    Location:
    One mile up and soaring
    #25
    Not that I wish anything bad on anyone but am I the only one wondering why he was downloading a utility like Handbrake onto a machine with the company source code. Seems like that was not the wisest move.
     

Share This Page