A new trojan-based security threat dubbed “BlackHole RAT” has hit the Mac, and while still in a rudimentary stage, still poses a real risk to Mac OS X users.
According to security research company Sophos, is a Mac-compatible version of the Windows darkComet trojan, although it appears to be in beta development for now.
The BlackHole RAT trojan for Mac OS X
Like all trojans, BlackHole RAT tricks users into thinking it is a legit application. When launched, it installs its payload. Currently, the trojan places text files on user’s desktop, pushed URLs to victims, runs arbitrary shell commands, sends restart, shutdown and sleep commands, and displays a fake dialog designed to trick victims into giving up their administrator password.
The trojan also displays this message:
I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can’t be infected, but look, you ARE Infected!
I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.
So, Im a very new Virus, under Development, so there will be much more functions when im finished.
The BlackHole RAT trojan is being distributed in pirated software, although it could potentially be delivered through Web browser vulnerabilities when visiting Web sites designed to push an infected app to user’s computers.
Like other trojans, this one requires user interaction before it can cause problems on user’s Macs. Avoiding BlackHole RAT should be relatively easy simply by staying away from pirated software Web sites and surfing only to sites you know and can trust.