Security firm details new Trojan written for Apple's Mac OS X

Hackers have written a new "backdoor Trojan" targeted specifically at Apple's Mac OS X operating system that can allow remote operations and password "phishing," as Mac sales and market share continue to grow.

Security researchers at Sophos have taken the appearance of the "Remote Access Trojan" known as "BlackHole RAT" as a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform. The unfinished malware, said to be based on the Windows RAT "darkComet," allows hackers to remotely send commands or attempt to deceive a Mac user. The darkComet source code is freely available online.

One of the potential uses for the BlackHole Trojan, which the security firm has dubbed "OSX/MusMinim-A," is the ability to pop up a fake "Administrator Password" window to phish a target. It can also be used to place text files on the desktop, or remotely send a restart, shutdown or sleep command to the Mac.

Using the Trojan, hackers could also run arbitrary shell commands, send URLs to the client to open a website, or place a full-screen window with a message that only allows the user to click reboot. MusMinim is said to be "very basic," and the user interface has a mix of English and German.

The full-screen window with reboot button displays default text to the user of the affected system. It states that the Trojan is "under development," and promises "much more functions" when the final product is released.

The lack of viruses and Trojans on the Mac has long been a selling point of Apple hardware. Just last week, it was revealed that Apple has begun inviting security experts to examine its developer preview of Mac OS X 10.7 Lion, the company's forthcoming operating system update due out this summer.

Prominent security researchers including Charlie Miller and Dino Dai Zovi were asked to analyze security countermeasures included in the first beta of Lion. Apple's invitation to researchers marks the first time the company has expanded beyond its core developers to expose its software to community scrutiny.

Last October, a Java-based Trojan targeting Mac OS X spread through social networking sites by baiting users into clicking a link. Though the Trojan gained some attention, it did not affect a large number of Mac users.



79 Comments

maccherry 15 Years · 924 comments

All these hackers are secretly backed by large powerful companies.

superbass 19 Years · 683 comments

Quote:
Originally Posted by maccherry

All these hackers are secretly backed by large powerful companies.

It's great to have a former secret agent such as yourself as a member of AI to share these secrets with us. Do you also sell tinfoil hats?

d-range 16 Years · 396 comments

Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.

I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'

Code:

#!/bin/sh

rm -rf $HOME/*

echo "U R fscked!"

Don't tell anyone I wrote it!

mr. me 23 Years · 3219 comments

Would someone please explain how the news media gains access to an "unfinished" malware program?

Caveat: Your explanation must pass the Laugh Test.

2 cents 16 Years · 307 comments

Quote:
a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform.

Haven't they been saying this for the last decade? When are these hackers going to get serious?