Sophos details new Mac OS X Trojan

Security researchers at Sophos have announced the appearance of the ‘Remote Access Trojan’ known as “Blackhole RAT.”

Katie Marsal reports for AppleInsider, “The unfinished malware, said to be based on the Windows RAT ‘darkComet,’ allows hackers to remotely send commands or attempt to deceive a Mac user. The darkComet source code is freely available online.”

“One of the potential uses for the BlackHole Trojan, which the security firm has dubbed ‘OSX/MusMinim-A,’ is the ability to pop up a fake ‘Administrator Password’ window to phish a target,” Marsal reports. “It can also be used to place text files on the desktop, or remotely send a restart, shutdown or sleep command to the Mac.”

Marsal reports, “Using the Trojan, hackers could also run arbitrary shell commands, send URls to the client to open a website, or place a full-screen window with a message that only allows the user to click reboot.”

Read more in the full article here.

MacDailyNews Note: Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs, should not be surprised to find their Macs are compromised.


    1. A number of programs with easter eggs have gotten by the vetting process. It’s possible, however short its stay in the App Store, that one could get by in that way. The whole thing is dependent on Apple’s ability to find the malicious code.

      Still, the App Store is much safer than any alternative, it’s just not 100% bulletproof.

      1. Nothing is ever 100% safe. That being said, the App Store is probably the safest model out there so far — especially if Apple takes the time to assemble their own software to scan each app upon submission.

  1. we Mac users have gotten accustomed to grant full admin privileges during any installation. often, however, the only privilege needed is to allow an app to be placed in the Application folder.

    It would be safer for the apple installer to restrict the reqested priviliges to what’s needed and nothing more.

  2. Oh come on! Time to get off the high horses and pull out all the stops. If we stick together and get this thing licked we can show who’s on top when the rubber meats the road!!!

    Now what were we talking about?

      1. LOL 😀

        or jail breaking, I heard that records passwords
        I’v been tempted to jailbreak, thinking about having llvm and clang on my iphone….
        maybe I could just try it….

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.