11/24/2021»»Wednesday

Folx Official Site


On the 19th of October 2017 we were informed by the malware research company ESET that our servers had been hacked and that the DMG files of our apps, namely Folx and Elmedia Player, were being distributed with malware.


Our cybersecurity team, in close coordination with the ESET team and Apple representatives, took all the necessary steps and actions and successfully stopped the distribution of this malware.

We now officially announce that it is absolutely safe for users to download Elmedia Player, Folx, and other Eltima Software applications.

SYSTEM CHECK!!!
If you recently downloaded Elmedia Player or Folx, ESET advises you do a system check to confirm if your system was compromised or not.

Instructions: scan your system to confirm that none of the following files or directories is present:


/tmp/Updater.app/
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand/
/Library/.rand/updateragent.app/

The presence of any of the files above is an indication that your system may have been infected by the trojanized Elmedia Player or Folx application, which means OSX/Proton is most likely running. If you downloaded Elmedia Player or Folx on the 19th of October 2017, your system is likely affected.
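The check described above as a shell function, added here as an example and not part of Eltima's or ESET's advisory. The optional root argument (for inspecting a mounted backup or disk image instead of the live system) and the `--scan` switch are assumptions of this example; the paths are the ones listed on this page.

```shell
#!/bin/sh
# Added example: looks for the OSX/Proton indicators listed in this advisory.

# Paths as given on this page; the last entry is the location named in the
# news report quoted later on the page.
PROTON_IOCS='/tmp/Updater.app
/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist
/Library/.rand
/Library/.rand/updateragent.app
/System/Library/LaunchAgents/com.Eltima.UpdaterAgent.plist'

# check_proton_iocs [ROOT]
# ROOT (assumption of this example) is "" for the live system or the mount
# point of a backup/disk image. Prints every indicator found, with ls -ld
# details so timestamps can be compared with the 19 October 2017 window.
# Returns 0 when none is present, 1 when at least one is.
check_proton_iocs() {
    root=${1%/}
    found=0
    # The here-document keeps the loop in the current shell so $found survives.
    while IFS= read -r ioc; do
        target="$root$ioc"
        # -e follows symlinks; -L also catches a dangling symlink at the path.
        if [ -e "$target" ] || [ -L "$target" ]; then
            found=$((found + 1))
            printf 'FOUND  %s\n' "$target"
            ls -ld "$target" 2>/dev/null | sed 's/^/       /'
        fi
    done <<EOF
$PROTON_IOCS
EOF
    if [ "$found" -gt 0 ]; then
        printf '%d indicator(s) present: the system may be infected.\n' "$found"
        return 1
    fi
    printf 'No listed indicators found under %s\n' "${root:-/}"
    return 0
}

# Stand-alone use: sh check_proton.sh --scan [ROOT]
if [ "${1:-}" = "--scan" ]; then
    check_proton_iocs "${2:-}"
fi
```

A clean result only means these specific paths are absent; it does not replace the reinstall advice for systems that ran the trojanized installer.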

NOTE: Only the Elmedia Player and Folx versions downloaded from our official Eltima website were infected by this malware. However, the built-in automatic update mechanism is unaffected based on the data available to our cybersecurity experts.

Steps to rid your system of this Malware

  • A total system OS reinstall is the only guaranteed way to totally rid your system of this malware. This is standard procedure for any system compromise that affects an administrator account.


Please be advised that some other system information may have been affected; take appropriate measures to invalidate it.

A Trojanized version of Elmedia Player software for Mac was available for download for who knows how long from the developer’s official site, ESET researchers have found.

The threat

The compromised package was made to deliver the newest version of the Proton backdoor.

After gaining persistence on a victim’s system, the malware is able to hoover up OS and browser information (history, cookies, bookmarks, login data, etc.); SSH, GnuPG, 1Password, and macOS keychain data; VPN configurations; cryptocurrency wallets (Electrum, BitcoinCore, Armory).

“In the current case of Eltima trojanized software, the attacker built a signed wrapper around the legitimate Elmedia Player and Proton. In fact, we observed what seems to be real-time repackaging and signing of the wrappers, all with the same valid Apple Developer ID,” the researchers shared.

Apple has been notified and has revoked the certificate, and is currently in the process of invalidating the Developer ID used to sign the malicious application.

Who’s in danger?


Eltima Software, the creators of the compromised application, apparently didn’t notice that something was amiss. But, after being contacted by ESET, they proceeded to pull the malicious package from their site.

They say that their infrastructure has now been cleaned up and that the Elmedia Player package currently being offered for download is clean.


Eltima is yet to offer more details about their investigation, so we don’t know for how long the malicious package was online, or by how many users it has been downloaded. They’ve also yet to put any notification about the compromise on their Web site or spread the news via social media.

“If you have downloaded that software on October 19th before 3:15pm EDT and run it, you are likely compromised,” the researchers noted.

Users can verify whether they’ve been infected by checking for the presence of com.Eltima.UpdaterAgent.plist in the System/Library/LaunchAgents/ directory. (The researchers have provided other indicators of compromise, but this one is the most visible to users who are not that tech-savvy.)

If you’ve been hit, the best way to make sure your system is thoroughly clean is to do a full OS reinstall. Also, assume that all the information mentioned above has been compromised and take appropriate measures to invalidate it.


UPDATE (October 20, 2017):

Eltima Software has confirmed that, in addition to the Elmedia Player software, the hackers have also bundled its download manager Folx with the Proton backdoor. Both packages offered on the Web site are now clean.


“Only Elmedia Player and Folx version downloaded from our official Eltima website was infected by this malware. However, the built-in automatic update mechanism is unaffected based on the data available to our cybersecurity experts,” they noted. “If you downloaded Elmedia Player or Folx on the 19th of October 2017, your system is likely affected.”

They backed ESET researchers’ advice to affected users: “A total system OS reinstall is the only guaranteed way to totally rid your system of this malware.”
