Security firm details new Trojan written for Apple's Mac OS X
Security researchers at Sophos have taken the appearance of the "Remote Access Trojan" known as "Blackhole RAT" as a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform. The unfinished malware, said to be based on the Windows RAT "darkComet," allows hackers to remotely send commands or attempt to deceive a Mac user. The darkComet source code is freely available online.
One of the potential uses for the BlackHole Trojan, which the security firm has dubbed OSX/MusMinim-A," is the ability to pop up a fake "Administrator Password" window to phish a target. It can also be used to place text files on the desktop, or remotely send a restart, shutdown or sleep command to the Mac.
Using the Trojan, hackers could also run arbitrary shell commands, send URls to the client to open a website, or place a full-screen window with a message that only allows the user to click reboot. MusMinim is said to be "very basic," and the user interface has a mix of English and German.
The full-screen window with reboot button displays default text to the user of the affected system. It states that the Trojan is "under development," and promises "much more functions" when the final product is released.
The lack of viruses and Trojans on the Mac has long been a selling point of Apple hardware. Just last week, it was revealed that Apple has begun inviting security experts to examine its developer preview of Mac OS X 10.7 Lion, the company's forthcoming operating system update due out this summer.
Prominent security researchers including Charlie Miller and Dino Dai Zovi were asked to analyze security countermeasures included in the first beta of Lion. Apple's invitation to researchers marks the first time the company has expanded beyond its core developers to expose its software to community scrutiny.
Last October, a Java-based Trojan targeting Mac OS X spread through social networking sites by baiting users into clicking a link. Though the Trojan gained some attention, it did not affect a large number of Mac users.