New backdoor Mac OS X Trojan surfaces
Posted on 28.02.2011
There are many good reasons to choose a Mac machine, and among those is surely the fact that malware for OS X still pops up rarely. As Apple slowly but surely increases its market share, we are sure to witness more and more malicious code written specifically for targeting Mac users.

In the meantime, even what seems to be a beta version of a Mac OS X Trojan is enough to raise our heads from the keyboard and take notice, so Sophos' researchers warn about a backdoor Trojan that will quite likely have the ability to take over the infected system and perform a series of unwanted actions.


Even though the author named the Trojan "BlackHole RAT", Sophos calls it MusMinim in order to avoid any mix up with the legitimate "Black Hole" application for clearing sensitive information from Macs.

The Trojan's interface contains a curious mix of English and German, possibly indicating the nationality of its author(s). Analysis of the code reveals that the Trojan itself is a variant of darkComet - a well-known Windows Remote Access Trojan (RAT).

This type of Trojan typically uses a client-server program to communicate with the infected machine - a server application is installed on the victim's machine while the client application can be found on the attacker's machine.

The Trojan apparently allows the attacker to run arbitrary shell commands, send a restart, shutdown or sleep command, send a message which is displayed on the victim's screen, make specific URLs be opened in the victim's default browser and engage in phishing by making a fake "Administrator Password" window pop up.


This version is believed to be a beta because the author declares it to be so in the welcome screen and in the default message to be displayed on the victim's screen, but that doesn't mean it is not already functional and that it cannot already be used - or that it has not already been used.

Sophos already added protection against the threat to its Mac AV solution, so it's more than probable that other AV vendors will do it soon - if they haven't already. In the meantime, users are advised to avoid downloading unknown applications from software download and torrent sites, which are usually used to spread malware like this.






Copyright 1998-2014 by Help Net Security.