You may recall that in mid-2017 Handbrake's download server was compromised and the software was repackaged to install malware alongside the actual Handbrake app. Fast forward to last week: the same attack (a supply-chain attack) was used on Eltima, makers of Elmedia Player. Their download server was compromised, and the downloads of two software installers were altered to include and install a new variant of the OSX/Proton malware. Anyone who downloaded Elmedia Player or Folx on or before October 19th probably downloaded an infected installer.
To read more on this, have a look at my article on the Intego blog here.