Last week, for about three days, the macOS video transcoding app
HandBrake was compromised. One of the two download servers for
HandBrake was serving up a special malware-infested version of the
app, that, when launched, would essentially give hackers remote
control of your computer.
In a case of extraordinarily bad luck, even for a guy that has a
lot of bad computer luck, I happened to download HandBrake in that
three day window, and my work Mac got pwned.
Long story short, somebody, somewhere, now has quite a bit of
source code to several of our apps.
This is one hell of a story and quite a shock, but the crew at Panic kept their heads together and did the right thing: they’ve opened up completely and honestly, refused to deal with the blackmailer, and I think they are correctly unworried about their source code being leaked publicly.