For those Mac users who are unfamiliar with Objective-See... Their free security tools for macOS are a boon to the community. I think that they are right up there with Little Snitch and the like, especially since they spare the user the typical IDS data overload.
I think hosting the HandBrake (and Transmission) binaries on the GitHub releases page of the repo would be harder to compromise than their own servers.
If you look at the XProtect files, the syntax is pretty funny.

    condition:
        Macho and filesize < 600000 and filesize > 10000 and all of them
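The quoted condition, evaluated by an added example (this is not code from the thread or from Apple's XProtect). It assumes the private `Macho` rule is a test of the file's first four bytes against the standard Mach-O and fat magic numbers, and it uses constructed placeholder strings in place of the signature's real `$a`/`$b` patterns, which are not on the page. The padded case shows what the `filesize` bounds mean in practice: the same bytes, once past 600000, no longer match.

```python
import struct

# Mach-O magic numbers in both byte orders, plus the fat/universal header.
# Assumption (not shown on the page): XProtect's private `Macho` rule tests the
# first four bytes against these values.
MACHO_MAGICS = {
    0xFEEDFACE, 0xCEFAEDFE,  # 32-bit Mach-O
    0xFEEDFACF, 0xCFFAEDFE,  # 64-bit Mach-O
    0xCAFEBABE, 0xBEBAFECA,  # fat binary
}

# Constructed placeholder strings standing in for the rule's `$a`, `$b` ... patterns;
# the real XProtect signature bytes are not on the page.
SAMPLE_STRINGS = {"$a": b"EXAMPLE_STRING_ONE", "$b": b"EXAMPLE_STRING_TWO"}


def is_macho(data):
    """YARA-style magic check. YARA's uint32(0) is little-endian; since both byte
    orders are in MACHO_MAGICS, reading big-endian here gives the same answer."""
    if len(data) < 4:
        return False
    return struct.unpack(">I", data[:4])[0] in MACHO_MAGICS


def evaluate(data, strings, min_size=10000, max_size=600000):
    """Evaluate `Macho and filesize < max and filesize > min and all of them`
    and return each sub-condition so a miss can be explained."""
    found = {name: pattern in data for name, pattern in strings.items()}
    checks = {
        "Macho": is_macho(data),
        "filesize < %d" % max_size: len(data) < max_size,
        "filesize > %d" % min_size: len(data) > min_size,
        "all of them": all(found.values()),
    }
    return {"match": all(checks.values()), "checks": checks, "strings": found}


def build_sample(magic, body, pad_to):
    """Construct an in-memory file: 4-byte magic, then body, zero-padded to pad_to bytes."""
    blob = struct.pack(">I", magic) + body
    return blob + b"\0" * max(0, pad_to - len(blob))


def demo_cases():
    """Four constructed inputs showing what the size gates and `all of them` do."""
    every_string = b"".join(SAMPLE_STRINGS.values())
    cases = {
        "hit": build_sample(0xFEEDFACF, every_string, 50000),
        # Same content padded past the upper bound: the rule no longer fires.
        "padded_past_limit": build_sample(0xFEEDFACF, every_string, 700000),
        # ELF magic instead of Mach-O.
        "not_macho": build_sample(0x7F454C46, every_string, 50000),
        # Only one of the two strings present.
        "missing_string": build_sample(0xFEEDFACF, SAMPLE_STRINGS["$a"], 50000),
    }
    return {name: evaluate(blob, SAMPLE_STRINGS)["match"] for name, blob in cases.items()}


if __name__ == "__main__":
    for name, matched in demo_cases().items():
        print("%-18s %s" % (name, "MATCH" if matched else "no match"))
```

Running it prints one line per constructed case; only `hit` matches. The `checks` dictionary returned by `evaluate` tells you which sub-condition a file failed on, which is the part a real rule evaluator hides from you.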
If you used brew install handbrake between May 2nd and 5th, you downloaded the malicious version:
- https://github.com/caskroom/homebrew-cask/commit/461af7672fa267ed42bd5572c20bf337cb4da87e
The pull request has comments as well, and a snarky dev ;D
- https://github.com/caskroom/homebrew-cask/pull/33354
The only actual countermeasure would be to take the extra step and calculate the SHASUM of the binary.

The shasum needs to be digitally signed with a valid signature, otherwise it can be manipulated as well.

PS. Of course tools like Little Snitch and BlockBlock help, but keeping track of all the applications that try to access the internet is kinda hard these days, especially on a user machine.
That's the reason why I install most Mac programs that come from a website into user programs.
This only works for programs that don't add stuff to the system, of course.