It is incredibly easy to add a malicious components (malware) to DMG files, uploading them to file sharing websites like sourceforge.net, & infecting computers on a mass scale. SHA checksum is added to DMG files like TransmissionBT1, & Handbrake.fr2 to detect file tampering.
How to check SHA checksums:
In terminal, find the file(s) you’d like to check. “cd” command is to change directories, “ls” is to list files in a folder.
Use the following syntax: shamus file.dmg (Illustrated below)
The default for the shasum command is to use SHA1, the most common hash type, but this can be changed with the -a flag if necessary to 224, 256, 384, or 512.
Finally you can check the hexadecimal string on the main downloading website:
Always remember to download the files from a reputable source.
1. Popular BitTorrent Client Transmission Gets Infected With Malware Again
2. HandBrake hacked to drop new variant of Proton malware
Isaac Adams-Hands
Full Stack Developer, Digital Marketer, and InfoSec enthusiast. He received his Bachelor’s Degree from the University of Western Sydney and his Business Diploma from Georgian College before joining various marketing positions in search portals, e-commerce, higher education, and addiction recovery services.
Follow @ twitterRelated posts
Programming the DJI Tello [Mac]
Starting off, let’s all admit, you are going to crash into stuff, so more space you have the better. How-to: Program Tello to do backflips with Scratch 2.0! Install brew.sh on your Mac, If you are unfamiliar with brew! Homebrew is a free and open-source software package management system that simplifies the installation of software)…. Read More
Backup VestaCP with Restic [Ubuntu]
Now that my VestaCP install is north of 100GB, backups are becoming more challenging. To achieve an extra level of security, I started backing up my server to S3 using Restic. Here are the steps I took to achieve this. 1. SSH into your box.ssh root@IP 2. Install Resticapt install restic *if you don’t have… Read More