

The new Apple Trojan "BlackHoleRat" sneaks itself in through OS X users' open back doors. It is currently in "beta" and its capabilities are being expanded.  (Source: Sophos Labs)

One of its capabilities is to pop up fake administrator password request windows as a phishing attempt  (Source: Sophos Labs)

The trojan even delivers humorous messages to users in its current form.  (Source: Sophos Labs)

Malicious program still appears to be in "beta" form, unlike its Windows counterpart

Security researchers at Sophos Labs have discovered a naughty new trojan that's in the process of beta testing attack capabilities against the growing population of Mac users.

The trojan exploits open back doors in OS X to gain a good deal of access to the system.  It can be transmitted through a variety of vectors, including torrent files or seemingly legitimate download programs.  In the future, it could also be delivered through "drive-by downloads" that exploit browser flaws.

Once inside, the Trojan gets down to business, allowing the attacker to have their way with their Apple victim.  The attacker can plant text files on the desktop, force URLs to open, run shell commands, and pop up fake password windows in a phishing attempt.

They can also force the user's machine to shut down or reboot. When a reboot is forced, an amusing message pops up, informing the user:

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when im finished.

The virus is a port of darkComet, a remote access trojan for Windows.  The new OS X version has been dubbed "OSX/MusMinim-A", or "MusMinim" for short, by Sophos.  Its creators, however, call it BlackHoleRat.

Sophos believes its creators will likely expand its functionality now that the concept has been proven.  It will likely be loaded with far nastier tricks in the future.

Despite its obscurity, Apple's poor security track record virtually ensures that Apple OS X users' back doors will be open in years to come.  And increasingly they may find malicious individuals looking to poke and prod their way inside.

Still, Apple has been quite quiet in its direction to users to get an anti-virus program.  To this day it still tries to portray Windows as "virus-laden" and OS X as virus-free.  As a result of this ostrich-in-the-sand attitude, some users may fall victim to unwanted backdoor intrusion.

Apple has yet to comment on its users' latest infection or hint at how widespread it might be.



RE: Beta?
By JasonMick (blog) on 2/28/2011 3:40:15 PM , Rating: 5
quote:
If I had to guess I'd say Sophos are behind the FUD to make a few bucks...


While I'd like to believe you are joking, if not I find it kinda incredible you believe a major antivirus firm would claim fake viruses for an operating system.

If that's the twisted logic you're going to try to use to somehow defend your Apple superiority complex, good luck to you....

OS X isn't some magical operating system -- its ONLY real security advantage over Windows is because it is by and large pretty unpopular -- few people use it.


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By JasonMick (blog) on 2/28/2011 3:54:08 PM , Rating: 5
quote:
Why is that so incredible? In any case that is not what I am saying but since you are a great reporter who clearly went to great depth with this one (or just repeated what he read elsewhere without researching the background)


A) I never claimed to be great, but I appreciate your praise!
B) So I'm supposed to do my own security research in addition to reporting? Is it not legitimate to cite a professional report on a topic I'm reporting on? If those are your expectations, sorry to disappoint...

quote:
is it not possible that somebody had written this Trojan PoC and approached Sophos, who in turn broke the story to sell software?


rubbish.

quote:
Read elsewhere for an explanation as to why no virus has replicated on OS X yet, it's certainly not because the operating system is unpopular because to claim such a thing makes you laughable in your profession


Err that is precisely why it's not targeted. You don't find many pickpockets in Nome, Alaska.

And it may be "popular" among the small crowd that use it, but by and large most users don't prefer/like OS X for whatever reason (be it quality of hardware options, Apple's business behavior, gaming, software compatibility, etc.) as evidenced by their decision to pick Windows. Apple typically has had 5% market share or less.

But don't let me stop you from believing OS X is immune to viruses....


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By JasonMick (blog) on 2/28/2011 4:13:51 PM , Rating: 5
quote:
0MFG did you actually just type that? So as a reporter you just take it as read that what you are being told is entirely the truth and there is no possibility that there is ANY other angle or interpretation of this situation at all? Do you report or do you repeat press releases?


So when I report on a battery pack Tesla engineered for the Model S, I should have been in there engineering my own EV, huh?

quote:
You won't want my advice but I'm going to give it. Dump the tech and go report for a week in Libya. Gaddaffi is a professional head of state (he's been doing it long enough) and he'll be happy to give you LOADS of professional reports that you can share with the world.

I can guarantee you'll return a hero and black-gold tycoon.


FACEPALM.

Did you just compare Sophos Security researchers to an African dictator? Unreal...


RE: Beta?
By messele on 2/28/11, Rating: -1
RE: Beta?
By omnicronx on 2/28/2011 6:14:21 PM , Rating: 5
Please buddy, take your conspiracy theories elsewhere..

You don't last long in the security firm business if your research does not hold true. Are you seriously surprised that what we knew all along is finally coming to fruition?

Every security expert in the world knows that Apple is only as secure as the size of its userbase, i.e., they achieve security through obscurity.

There is no such thing as a completely secure system, which especially holds when connected to the web.


RE: Beta?
By B3an on 2/28/2011 11:16:55 PM , Rating: 4
I'd also like to add to your comment that it has been said by multiple security firms, and by hackers at hacking conventions, that OSX is less secure than windows.

I wouldn't be surprised if it was WAY less secure. MS have been fixing and patching security holes for so long and now have so much experience in it. Even when Apple do actually patch a hole, they have sometimes taken up to a year to do it, sometimes it never gets done. And when they do actually patch a hole it's hard to find anything from them that mentions they have done it because that would be admitting their precious OS has problems.


RE: Beta?
By wordsworm on 2/28/11, Rating: -1
Copyright 2014 DailyTech LLC.