Monday, February 28, 2011

Now in beta: OS X backdoor Trojan


Security researchers at Sophos Labs last week discovered a new, "still in beta" backdoor Trojan targeting Mac OS.
The Trojan, identified as BlackHoleRAT, is a variant of darkComet RAT, a free "remote administration tool" for Windows. It gives the operator the ability to place text files on the desktop, send restart, shutdown or sleep commands, run shell commands, display a full-screen window with a message that forces a reboot, push URLs to the infected client, and pop up a fake "Administrator Password" phishing window.
It lacks much of the functionality of its Windows counterpart, but the forced reboot carries a somewhat amusing message:
I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. So, Im a very new Virus, under Development, so there will be much more functions when im finished.
Obviously this pseudo-apologetic message is aimed at potential customers who would like to sink their teeth into Mac OS malware, rather than at someone whose system has actually been infected.
It's a little boring but you can watch the video HERE
Since Mac OS has been gradually gaining PC operating system market share, more companies are entering the Mac security field. Earlier this month Comodo released a free Mac antivirus, joining Sophos, which already offers one.

And that's just the beta! Most Mac users think they don't need protection, so imagine what the finished product will do to all the vulnerable Macs out there in the world.


  1. I'm surprised that it's taken this long. Mac users have had it easy for a long time (and as long as they remain in the minority, they will probably still never suffer as much malware as Windows users).

    Trojans don't exploit an inherent weakness in the OS. They exploit the user's gullibility. The Mac is no more susceptible to trojans than any other system. Third-party security tools are no substitute for due diligence.

    OS X always warns you when you attempt to run a program for the first time. Mac users should certainly pause before giving any program execute privileges.

    I only install software from legitimate sources, and that has been out for a while and reported to be relatively bug free by those on the bleeding edge.

    Apple is being proactive. One of the big advantages of the recently announced Mac app store is that users can feel confidence in the software they obtain there. If they stick to the app store and avoid installing anything received as an email enclosure, they should be ok.

  2. It hasn't taken long at all. Apple had the first computer virus in 1981. The first PC virus came out in 1986. I'm a Windows user and I have never "suffered" from any viruses, but I know Mac users that have. If Mac is "no more susceptible," then why is it ALWAYS the first to fall in PWN2OWN? Just curious.

  3. Windows has been inundated with exploits for years. You are in the minority of Windows users if you have not been infected at some point. More power to you.

    While the classic Mac OS was indeed attacked, there were way more viruses written for Windows. I found that the freeware Disinfectant extension did a perfect job of protecting my old Macs. I never needed to resort to Norton or Symantec.

    Since adopting OS X, my system has been clean without the use of any third-party security software. If things heat up, I'll reconsider.

    I do believe that the Mac has been largely ignored by malware exploits because of its low market share. But hey, the bottom line is that we Mac users have enjoyed the safety living in Windows shadow. It works for me.

  4. Of course, you still need to do something stupid to encounter this thing.

  5. True that. It is my experience that most users are stupid and would be better off being protected. I guess if Brett wants to argue that point, that's his prerogative.

  6. Security software has its downsides as well. It can slow your computer as it scans and monitors operations. It is not infallible and can itself introduce bugs and corruption, often the result of false positives. It can cost money, and must be kept up to date.

    If Mac exploits were as common and insidious as those for Windows, I'd certainly recommend security software for the Mac. I just don't think the time has come yet, at least for people who take reasonable precautions.

  7. Is this out of beta yet? Oh, right, more FUD.

  8. Here's one Mac "anti-virus" utility I'm glad I'm not using.

  9. Goddamn. That looks pretty serious. VirusBarrier looks like a pretty good app tho. It probably pays for itself at $50 for 2 computers.