Regardless of what Apple's enthusiastic marketing often claims, Mac's aren't immune to malware as this story explains.
The Remote Access Trojan (RAT) has an extensive list of features and capabilities made available to the attacker including capturing user inputs, uploading or downloading files to the machine, access the webcam etc.
Removal seems pretty straightforward by issuing the following commands:
- launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
- rm -rf ~/Library/RenderFiles/activity_agent.app
- if ~/Library/VideoFrameworks/ contains proton.zip, remove the folder
The team warns that anyone who do downloaded the app between 2 May 2 and 6 May from the "download.handbrake.fr" mirror has a 50 per cent chance of finding some nasty stuff on their Mac. "The affected server has been shut down for investigation, but developers are warning that users who downloaded the software from the server between 14:30 UTC May 2 and 11:00 UTC May 6 have a 50/50 chance of their system being infected by a Trojan," the blog post reads.