December 4, 2016

BlackHole RAT – New Mac Trojan

Security researchers from Sophos have spotted a new piece of malware. Which in itself isn’t unusual, but this one is as it targets Mac OS X and not Windows.

According to the client end of the malware, used by the attacker to send commands to the remote machine, the software is still beta quality and not yet finished. The implication is that development is on-going and a more sophisticated version of the software is planned.

Known as BlackHole RAT the software seems to be a port of the well-known Remote Access Tool/Trojan (RAT) for Windows known as darkComet. SophosLabs have dubbed the trojan as OSX/MusMinim-A.

At the moment there are no reports of this tool spreading in the wild and the doesn’t come with a deliverly mechanism meaning that attackers wishing to use it need to find a way to infect the remote Mac with the server component via a vulnerability in a browser or plugins etc.

The functionality of the so-called beta is fairly limited and current only allows the attacker to:

  • Placing text files on the desktop
  • Sending restart, shutdown or sleep commands
  • Running arbitrary shell commands
  • Placing a full screen window with a message that only allows you to click reboot
  • Sending URLs to the client to open a website
  • Popping up a fake “Administrator Password” window to try and solicit the administration credentials from the victim

However this is enough to cause damage to the remote machine and has the potential for online fraud.

http://ithreats.net have posted a YouTube video of BlackHole RAT in action.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks