In early May, a mirror download server hosting popular Mac transcoder app HandBrake was hacked, and the legitimate version of HandBrake was replaced with a version infected with OSX.PROTON, a remote access trojan giving hackers root-access privileges to a Mac.

In a blog post shared today, Panic Inc. developer and co-founder Steven Frank said he downloaded the infected version of HandBrake, which led to the theft of much of the source code behind Panic's apps. Panic offers several apps, including web editor Coda, FTP app Transmit, SSH client Prompt, and Firewatch, an adventure game.

panicapps
Hackers accessed Frank's computer through the infected HandBrake software and were able to obtain his usernames and passwords, including git credentials. Several source code repositories were cloned by the attackers, who have demanded "a large bitcoin ransom" to stop the release of the source code, a ransom Panic does not intend to pay.

While Panic's source code has been stolen, the company says that a careful review of its logs indicates that the theft was the extent of the damage - the hacker did not access customer information or Panic Sync Data.

- There's no indication any customer information was obtained by the attacker.
- Furthermore, there's no indication Panic Sync data was accessed.
- Finally, our web server was not compromised.

(As a reminder, we never store credit card numbers since we process them with Stripe, and all Panic Sync data is encrypted in such a way that even we can't see it.)

According to Panic, the source code for the apps could potentially be used by hackers to create malware-infected builds of the company's apps, so users should be vigilant and download Panic apps only from the company's website or the Mac App Store.

Panic has been in contact with both the FBI and Apple. Apple's security team is "standing by to quickly shut down any stolen/malware-infested versions" of Panic apps that are discovered, while the FBI is actively investigating the attack.

Panic is asking customers to notify the company of any unofficial or cracked versions of Panic apps that are discovered in the wild, as any such content is likely infected with malware.

Tags: Malware, Panic, Handbrake

Top Rated Comments

mw360 Avatar
mw360
94 months ago
Probably an idea to just give it away now. If it's free from their site it won't be downloaded elsewhere.
Any excuse for some freebies...
Score: 16 Votes (Like | Disagree)
canadianreader Avatar
canadianreader
94 months ago
I really like Panic apps I bought both Coda and Transmit my only regret is when they pulled out Coda from the AppStore and made it only available thru their website. Maybe be it's time to put it back on the app store
Anyway they don't deserve this and they have my empathy and compassion for what they're going thru.
Score: 11 Votes (Like | Disagree)
roland.g Avatar
roland.g
94 months ago
Not that I wish anything bad on anyone but am I the only one wondering why he was downloading a utility like Handbrake onto a machine with the company source code. Seems like that was not the wisest move.
Score: 9 Votes (Like | Disagree)
MichaelQ Avatar
MichaelQ
94 months ago
If apps like Handbrake were allowed in the App Store this wouldn't have been a problem in the first place.
Score: 7 Votes (Like | Disagree)
noah82 Avatar
noah82
94 months ago
Yikes. Maybe it's time to.......Panic!!
Score: 6 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
94 months ago
There are many great applications out there that cannot be added to the app store due to Apple restrictions.

In many cases it would not be possible to modify these applications accordingly.
Yeah, that's the biggest problem, and it's why the Mac App Store hasn't caught on more than it has. Apple requires all MAS apps to enable sandboxing, which greatly limits what a Mac application can do, among other issues.

Apple never should have applied the same policy to Mac App Store apps as they did to the iOS App Store. Macs are full-fledged general purpose computers with a different usage scenario than iOS devices; treating them both the same for app policy is short-sighted.

I remember when there were a far greater variety of apps in the Mac App Store, then Apple tightened the policies and a bunch of app developers jumped ship, distributing directly instead. It's a shame because the store was a good idea, just poorly executed.
Score: 6 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article136 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
Read Full Article493 comments
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Read Full Article66 comments
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...
Read Full Article38 comments
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
Read Full Article133 comments