You think your day was bad? OS X malware hackers just swiped a Mac dev's app source

Appropriately named Panic has its repository raided after founder gets infected

By Shaun Nichols, 18 May 2017

The head of a Mac-centric software studio is coming clean today after a malware infection on his OS X machine last week resulted in the loss of source code for several products.

Steven Frank, founder of Portland, Oregon-based Panic Inc, said he fell victim to a poisoned download of the HandBrake video transcoder that resulted in the installation of a backdoor on his Mac.

"HandBrake had been nagging me for some time to install an update. I finally decided, for whatever reason, to do the update," Frank explained. "There was a note in HandBrake's update dialog that the incremental update was not available, and that I'd have to download an entirely fresh copy from their server."

By the time he heard the news about the HandBrake infection, Frank said, his machine had not only been accessed by a hacker via the backdoor, but had been harvested for Git server credentials that were then used to access and copy the code for several of the company's closed-source products. Panic develops a number of games and utilities for both macOS and iOS.

The hacker later confirmed the theft when Panic was contacted with a ransom demand for the return of the source code, a payout the company said it will not make as it figures the code would be released anyway by the miscreants.

Now, Panic says, it will be preparing for any of a number of bad scenarios, including the possible repackaging of the code into fake copies of software (loaded with further malware) and the sale of the code to rival Mac app creators.

The developer is also working with the FBI to investigate the attack, and Apple has stepped in to give Panic a new developer ID and is keeping an eye out for any malicious apps that might use the pilfered source code.

Frank says his company is hoping to make the best of the incident by using the theft as motivation to update the apps and make the stolen code obsolete as fast as possible.

"This hack hasn't slowed us down. That source is already missing a ton of fixes and improvements we committed over the last week alone, and six months from now it will be missing major critical new features. In short: it's old and getting older," he argues.

"At this point in our discussion, we even half-seriously considered releasing the source code ourselves – and when that idea was floated, and we realized there wouldn't be any fallout (other than a lot of code questions!), that's when we truly felt free." ®

The Register - Independent news, views and opinion for the tech sector. Part of Situation Publishing