BlackHole RAT Trojan Hits the Mac

A new trojan-based security threat dubbed “BlackHole RAT” has hit the Mac, and while it is still at a rudimentary stage, it poses a real risk to Mac OS X users.

According to security research company Sophos, BlackHole RAT is a Mac-compatible version of the Windows darkComet trojan, although it appears to be in beta development for now.

The BlackHole RAT trojan for Mac OS X

Like all trojans, BlackHole RAT tricks users into thinking it is a legitimate application. When launched, it installs its payload. Currently, the trojan places text files on the user’s desktop, pushes URLs to victims, runs arbitrary shell commands, sends restart, shutdown and sleep commands, and displays a fake dialog designed to trick victims into giving up their administrator password.

The trojan also displays this message:

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can’t be infected, but look, you ARE Infected!

I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.

The BlackHole RAT trojan is being distributed in pirated software, although it could potentially be delivered through Web browser vulnerabilities when visiting Web sites designed to push an infected app to users’ computers.

Like other trojans, this one requires user interaction before it can cause problems on users’ Macs. Avoiding BlackHole RAT should be relatively easy: stay away from pirated software Web sites and surf only to sites you know and can trust.

11 Comments

Lee Dronick

“I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can’t be infected, but look, you ARE Infected!

I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.”

Those words pretty much sum up what I think is the emotional maturity of virus writers; stuck at the age of 15 years.

daemon

@Sir Harry

I could have sworn your response would have been “You mean I have to be stupid enough to download it? Move along, nothing to see here.”

Instead you go with the script kiddy assumption instead of acknowledging that Trojan writing is big money in grey market applications. Hell, even Apple installs Trojans to allow remote administrators to access the camera functions of your Macbook and keep track of your actions on the Macbook.

vasic

It looks like this virus was written with the mindset of virus writers from the late 80s and early 90s—for the bragging rights.

Today’s malware writers (for Windows) are doing it for the money. They look for the easiest, low-hanging fruit, exploiting holes that are easiest to exploit and most likely unpatched, in order to infect as many Windows PCs as possible and turn them into zombie PC botnets, which they can then rent to other criminal types for good sums of money. They DON’T want the user to discover the infection; there are no childish prank messages in there. They are stealthy and difficult to detect, because their fundamental purpose is making money illegally.

This virus, on the other hand, is a throwback to the old times, when viruses did damage for the damage’s sake.

Lee Dronick

Just because someone is making money off of malware doesn’t mean that they are not immature.

prl53

@daemon
I find it interesting that you are comparing a perfectly acceptable admin function to a legitimate trojan. A properly configured multi-user system always has admin capabilities that are used to manage a system. A remote administrator better be someone you trust (corporate installations aside) or you shouldn’t give them admin access. If you’re talking about the schools, sorry, but in my opinion schools have every right to monitor students’ computer access. I’m a taxpayer and I want to know the students aren’t abusing their privileges. As for abuse by those school computer administrators, that’s up to the school to deal with. This functionality still isn’t a trojan.

daemon

@prl53
Can you tell me why Leon Walker is facing five years in prison for reading his wife’s email on the computer that he owned with her yet Bradford C. Councilman isn’t despite stealing thousands of people’s private emails?

The Skeptic

This is NOT a virus (a self-replicating and contagious “disease”).  It does not exploit the operating system, it attempts to exploit the user.

If you deliberately install it (very stupidly) as a standard user it can potentially act as the currently logged on user.

If you provide it with an Administrator password… then it can potentially do some damage.

daemon

This is NOT a virus

What’s your point? The average Mac user has no idea what is the difference between a virus, trojan, or a worm. When my female friend says to me “I have a virus” and it turns out that it’s a trojan, do you think it makes any difference to her?

Lee Dronick

When my female friend says to me “I have a virus” and it turns out that it’s a trojan, do you think it makes any difference to her?

smile

The Skeptic

What’s your point?

Pretty simple really.  You can catch a virus, you have to install this trojan.  There is ZERO chance of this thing spreading into the mainstream.

The average Mac user has no idea what is the difference between a virus, trojan, or a worm. When my female friend says to me “I have a virus” and it turns out that it’s a trojan, do you think it makes any difference to her?

Yep… she should be relieved.  Pregnancy is not a disease.

daemon

Yep… she should be relieved.  Pregnancy is not a disease.

But it is a dangerous condition that can cause the death of the woman should proper medical attention not be sought.
