One of the reasons why users are encouraged to download apps from official app stores or from the official developer’s website is because they’re safer. This isn’t to say that third-party download sites are bad, but sometimes there are some who embed malicious files into them and trick users into installing malware.Unfortunately for Mac users who have been downloading HandBrake, it seems that there is a chance that they might have downloaded a trojan from the official website. This is due to a server breach in which the original file was replaced by a malicious file that contained a trojan that is capable of providing the hacker with root access.
In a post on the HandBrake forums, “Anyone who has downloaded HandBrake on Mac between [02/May/2017 14:30 UTC] and [06/May/2017 11:00 UTC] needs to verify the SHA1 / 256 sum of the file before running it. Anyone who has installed HandBrake for Mac needs to verify their system is not infected with a Trojan. You have 50/50 chance if you’ve downloaded HandBrake during this period.”
This applies to users who downloaded the file from the download.handbrake.fr mirror between the 2nd of May to the 6th of May. If you didn’t then you should be safe, but if you did then you’ll want to head on over to HandBrake’s website for further instructions on what you can do about it and to check if you might have downloaded the malicious file.