Hackers Distribute Malware-Infected Media Player to Hundreds of Mac Users

Megalith

ESET researchers noticed that Eltima, the makers of Elmedia Player, have been distributing a version of their application trojanized with the OSX/Proton malware on their official website. Anyone who downloaded Elmedia Player or Folx software recently should verify if their system is compromised by testing for the presence of certain files and directories.

If you have downloaded that software on October 19th before 3:15pm EDT and run it, you are likely compromised. As far as we know, only the version downloaded from the Eltima website contains the trojanized application. The built-in automatic update mechanism seems unaffected. OSX/Proton is a backdoor with extensive data-stealing capabilities. It gains persistence on the system and can steal OS details, browser information, cryptocurrency wallets, and more.
 