"BlackHole RAT" Surfaces as New Mac Trojan Written by Ron on February 27, 2011 - 07:44PM
Looks like there is a new Trojan in town and it wants your Mac! This new Trojan, named "BlackHole RAT" is reportedly in a beta stage and is nearly ready to take control of your Mac.
As <a href="http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-... reports</a>, this Trojan is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet. The author of the Trojan refers to his creation as the "BlackHole RAT." Sophos is going ahead and labeling this Trojan as "MusMinim."
In case you were curious, this Trojan can allow a hacker to gain remote access of the infected machine. All the hacker has to do is write an attack code to silently install it on a Mac, or trick a user to install it themselves.
This Trojan has several functions. It will place text files on the desktop. It will send a restart, shutdown, or sleep command. It will run random arbitrary shell commands. The Trojan will also send URLs to the user to open a website and pop up fake Admin Password windows to gain your valuable login info. Now, this Trojan will also place a full screen window with a message that only allows you to click reboot. This full screen window will say:
<blockquote>"I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. So, Im a very new Virus, under Development, so there will be much more functions when im finished.</blockquote>
But how do I prevent myself from getting this Trojan? Simple! These Trojans are frequently distributed on Torrent sites, pirated download sites, and various other 3rd party "suspicious" application sites. Avoiding these sources will increase your chances of avoiding this Trojan.