Have you installed the Elmedia Player player? Your computer may be infected

Eltima Software, a producer of applications for the macOS system, including Elmedia Player player, he fell victim to a cyber attack. The company's installation files include a malicious Trojan horse (Proton). The threat is able to steal the passwords and content of Bitcoin wallets. The quick reaction of experts from ESET made the malware very quickly detected and then removed from the Eltima applications and servers.

The cyber attack came at the end of last week. ESET's experts noticed then that Eltima probably unknowingly makes applications on their site infected with a dangerous Trojan OSX / Proton. The virus has been added to the installation files including the Elmedia media player. The threat attacks users of devices with the macOS system. Is able to remotely take control of the victim's computer - steal information from web browsers, logins, passwords, cookies, or cryptocurrency portfolios. Thanks to the reaction of the threat analysts from ESET, Eltima very quickly learned about the attack and also quickly removed infected installation files. Representatives of Eltima Software admitted that users who on October 19 this year they downloaded Elmedia Player from their official site or used the Folx download manager, they could fall victim to the threat.

Anyone who at that time installed the Elmedia Player or Folx software, with the help of an anti-virus application, checked whether his computer was infected. An infection can also be identified after the following directories or files are present in the system:

/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/ 

If there is even one of the files or folders listed on the computer, there is a risk that the system has been infected. Unfortunately, the only way to effectively disable the threat is to reinstall the operating system - advises Kamil Sadkowski, ESET's threat analyst.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.