app directories) like HandBrake, and both of them ask for your password at install time. pkg files) rather than as self-contained apps (. Nevertheless, it’s easy to fall for a fake password dialog of this sort: both Java and Flash, for example, arrive as installers (. (Codec is a widely-used jargon term meaning coder/decoder.)
The HandBrake needs to install additional codecs prompt should ring alarm bells: The HandBrake app inside the DMG file starts running just as you might expect, but has had extra “secret sauce” compiled into it: The malware-infected download looks similar to the real thing when it’s opened:
