Over the last few months, the industry has seen a number of software supply-chain compromises, where malware authors have snuck malicious code into legitimate software packages. It started with NotPetya being delivered by Ukranian accounting software, followed by Ccleaner delivering malware via their digitally signed installer package. This time, a popular Mac video application, Elmedia player, had its installer infected with malware. Watch the video below to learn more about this new software supply-chain hack, and what you can do to avoid it.
Episode Runtime: 2:59
Direct YouTube Link: https://www.youtube.com/watch?v=QQ4rGWj4HWk
EPISODE REFERENCES:
- Researchers post on Elmedia Player supply-chain hack – We Live Security
- Eltima’s response to their supply-chain hack – Eltima
- Malware hidden in video apps – The Register
—Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply