News

Your Mac might be infected with Handbrake Malware

Anyone who installed HandBrake for Mac needs to verify their system is not infected with a Trojan.

Readers who have downloaded the HandBrake for Mac application between 2nd May and 6th May 2017 could have unknowingly downloaded Trojan malware called OSX.PROTON onto their system.

Handbrake is an open-source video transcoder that is currently very popular among Mac users. The software enables individuals to convert video files to different formats and can be downloaded for free from more than one site.

The developers of HandBrake have stated: “Anyone who installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have a 50/50 chance if you’ve downloaded HandBrake during this period.”

It is anticipated that the malicious software is a version of spyware. The Photon Trojan allows hackers to access your machine to view your activities and can even mean that your device can be controlled remotely to take screenshots and even upload files.

If you fear that your machine could be infected, open the OS X Activity Monitor. If you see the name ‘activity_agent’ on the list of active processes, your Mac is infected. But don’t worry — it’s very easy to get rid of the Proton Trojan once you know how.

The first step is to open up the Terminal application on your Mac. Secondly, enter the following commands exactly as they appear below:

  • launchctl unload ~/Library/LaunchAgents/fr.handbrake.activity_agent.plist
  • rm -rf ~/Library/RenderFiles/activity_agent.app
  • If ~/Library/VideoFrameworks/ contains proton.zip, immediately delete that folder


  • Finally, you will have to get rid of any remaining HandBrake.app installs on your Mac. Once you have completed these actions, the computer should be safe. However, for absolute peace of mind we recommend readers change all of their passwords listed in the OS X KeyChain or any stored browser passwords.

    Of course, you should only complete this final step once you are 100 per cent sure all traces of the Trojan malware has been removed.

    About the author

    Chris

    I've been a passionate evangelist for Apple and the Macintosh throughout my working life, my first love was a Quadra 605 working with a small creative agency in the south of Norfolk UK in the mid 1990's, I later progressed to other roles in other Macintosh dominated industries, first as a Senior graphic designer at a small printing company and then a production manager at Guardian Media Group. As the publishing and printing sector wained I moved into Internet Marketing and in 2006 co-founded blurtit.com which grew to become one the top 200 visited sites in the US (according to Quantcast), at its peak receiving over 15 million visits per month. For the last ten years I have worked as an Affiliate and Consultant to many different business and start ups, my key skill set being online marketing, on page monetisation, landing page optimisation and traffic generation, if you would like to hire me or discuss your current project please reach out to me here.

    You can also follow me on: and

    Add Comment

    Click here to post a comment

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.