Security researchers at Sophos have announced the appearance of the ‘Remote Access Trojan’ known as “Blackhole RAT.”
Katie Marsal reports for AppleInsider, “The unfinished malware, said to be based on the Windows RAT ‘darkComet,’ allows hackers to remotely send commands or attempt to deceive a Mac user. The darkComet source code is freely available online.”
“One of the potential uses for the BlackHole Trojan, which the security firm has dubbed ‘OSX/MusMinim-A,’ is the ability to pop up a fake ‘Administrator Password’ window to phish a target,” Marsal reports. “It can also be used to place text files on the desktop, or remotely send a restart, shutdown or sleep command to the Mac.”
Marsal reports, “Using the Trojan, hackers could also run arbitrary shell commands, send URLs to the client to open a website, or place a full-screen window with a message that only allows the user to click reboot.”
MacDailyNews Note: Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.
Kudos to MDN for their warning!
Actually, iOS can protect users from themselves, since you can only install apps from the app store.
A number of programs with easter eggs have gotten by the vetting process. It’s possible, however short its stay in the App Store, that one could get by in that way. The whole thing is dependent on Apple’s ability to find the malicious code.
Still, the App Store is much safer than any alternative; it’s just not 100% bulletproof.
Nothing is ever 100% safe. That being said, the App Store is probably the safest model out there so far — especially if Apple takes the time to assemble their own software to scan each app upon submission.
It’s kind of like leaving the front door unlocked and the vault open at the bank. If you give access, you will be screwed.
..like driving to a bad neighborhood and leaving the keys in your Mercedes.
We Mac users have gotten accustomed to granting full admin privileges during any installation. Often, however, the only privilege needed is to allow an app to be placed in the Application folder.
It would be safer for the Apple installer to restrict the requested privileges to what’s needed and nothing more.
Already had to eradicate some ignorance on Facebook about this. Be not afraid, noobs were pwned.
*some ignorance about this on Facebook
Dangling prepositions = fail
“this” is not a preposition. 🙂
Have Sophos running on my Macs – it’s completely unobtrusive and free – so what’s not to like?
Unnecessary usage of RAM and processor cycles.
This is one big reason I became a Mac user 6 years ago.
I’d be willing to wager any amount of money that this trojan which Sophos is ‘warning’ us about was actually written by someone at Sophos.
Oh come on! Time to get off the high horses and pull out all the stops. If we stick together and get this thing licked we can show who’s on top when the rubber meats the road!!!
Now what were we talking about?
Rubber meat?
You still need to authorize the install of it, so user intervention is necessary for it to work.
Symantec is more than likely the ones that commissioned it
Does ClamXAV protect against this?
The biggest Trojan for the Mac is when you install Android developer tools in it.
Nice!
LOL 😀
Or jailbreaking, I heard that records passwords
I’ve been tempted to jailbreak, thinking about having llvm and clang on my iPhone….
maybe I could just try it….