nasty trojan on
developer's own server
like the fabled horse
On the 19th of October 2017 we were informed by the malware research company ESET that our servers had been hacked and that the DMG files of our apps, namely Folx and Elmedia Player, were being distributed with malware.
Our cybersecurity team, in close coordination with the ESET team and Apple representatives, successfully took all the necessary steps and actions to stop the distribution of this malware.
SYSTEM CHECK!!!
If you recently downloaded Elmedia Player or Folx, ESET advises you to run a system check to confirm whether your system was compromised.
Instructions: Scan for the presence of any of the following files or directories on your system:
/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/
The presence of any of the files above is an indication that your system may have been infected by the trojanized Elmedia Player or Folx application, which means OSX/Proton is most likely running. If you downloaded Elmedia Player or Folx on the 19th of October 2017, your system is likely affected.
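One way to script the check described above, as an added example that is not code from Eltima or ESET. The function name, the optional root prefix (for checking a mounted backup or disk image instead of the live system) and the PROTON_FOUND variable are assumptions of this example; the four paths are the ones listed in this notice.

```shell
#!/bin/sh
# Added example: look for the four indicator paths listed in this notice.
# Usage (in Terminal, after loading this file): check_proton_iocs
#        or, for a mounted volume:              check_proton_iocs /Volumes/Backup

# Indicator paths, exactly as listed above, one per line.
PROTON_PATHS='/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/'

# check_proton_iocs [ROOT]
# ROOT is a hypothetical optional prefix; empty means the running system.
# Prints every indicator that exists, stores the count in PROTON_FOUND,
# and returns 0 when none were found, 1 otherwise.
check_proton_iocs() {
    root="${1:-}"
    found=0
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        # Drop the trailing slash so a symlink itself can be tested with -L.
        target="${root}${p%/}"
        # -e matches files and directories; -L also catches dangling symlinks.
        if [ -e "$target" ] || [ -L "$target" ]; then
            printf 'FOUND: %s\n' "$target"
            found=$((found + 1))
        fi
    done <<EOF
$PROTON_PATHS
EOF
    PROTON_FOUND=$found
    if [ "$found" -eq 0 ]; then
        printf 'None of the listed paths exist under "%s".\n' "${root:-/}"
        return 0
    fi
    printf '%s of the listed paths exist; the system may be infected.\n' "$found"
    return 1
}
```

Because /Library/.rand/ starts with a dot, it does not show up in Finder or a plain `ls`, which is why testing the paths directly is more reliable than browsing for them.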
NOTE: Only the Elmedia Player and Folx versions downloaded from our official Eltima website were infected by this malware. However, based on the data available to our cybersecurity experts, the built-in automatic update mechanism is unaffected.
https://www.welivesecurity.com/2017/10/20/osx-proton-supply-chain-attack-elmedia/