Mac Users, Heads up! Elmedia Player & Folx Infection

Late last week, Eltima admitted that their servers had been hacked and that their Folx and Elmedia Player DMG applications had been distributed with the nasty OSX.Proton malware.

Their advice? If you only performed an update, you’re likely OK, but if you downloaded the entire application on Thursday the 19th, you may have a problem. We recommend that anyone with these apps scan for the following files/directories:

/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/

If any of those exist, your system is likely infected.
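
The check above can be scripted. The following is an added example, not code from Eltima or from this post: a POSIX shell function that tests for the four paths listed above. The optional root argument (for checking a mounted disk or backup instead of the running system) and the script name `proton_check.sh` are assumptions.

```shell
#!/bin/sh
# Added example: look for the OSX.Proton indicator paths listed in this post.
# Usage: sh proton_check.sh /            (running system)
#        sh proton_check.sh /Volumes/X   (mounted disk or backup; hypothetical path)

# Indicator paths, copied from the post.
PROTON_PATHS='/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/'

# Print one "FOUND" line per indicator present under ROOT.
# Returns 1 if any indicator exists, 0 if none do.
scan_proton_iocs() {
    root="${1:-/}"
    root="${root%/}"            # "/" becomes "", "/Volumes/X/" becomes "/Volumes/X"
    hits=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        target="$root${p%/}"    # drop trailing slash so files and dirs test alike
        # -L also catches a dangling symlink left at an indicator path
        if [ -e "$target" ] || [ -L "$target" ]; then
            if [ -d "$target" ]; then kind=directory; else kind=file; fi
            printf 'FOUND %s: %s\n' "$kind" "$target"
            hits=$((hits + 1))
        fi
    done <<EOF
$PROTON_PATHS
EOF
    if [ "$hits" -gt 0 ]; then
        printf '%s indicator(s) present under %s\n' "$hits" "${root:-/}" >&2
        return 1
    fi
    return 0
}

# Scan only when a root is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_proton_iocs "$1"
fi
```

A non-zero exit status means at least one of the listed paths exists. Some of these locations may need administrator rights to read, so run the check from an administrator account.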

Unfortunately, since this malware affects the administrator account, a full OS reinstall is the only guaranteed way to get rid of it.

Proton is a remote-control trojan designed specifically for Mac systems. It opens a backdoor granting root-level command line access to commandeer the computer. It can steal passwords, encryption and VPN keys, and crypto-currencies from infected systems. It can gain access to a victim’s iCloud account, even if two-factor authentication is used. Bad stuff.

If you’re concerned about cybersecurity at your business, give us a call today at 800-924-8167.