Mac OS X Users at Risk from 'BlackHole RAT'?

It's not every day that a new malware attack emerges for Apple's Mac OS X operating system. Researchers at security vendor Sophos are reporting the discovery of a new OS X backdoor Trojan, which they have labeled OSX/MusMinim-A.

The malware, however, identifies itself as BlackHole RAT (Remote Access Trojan) and is a variant of a similar RAT known as darkComet, which targets Windows operating systems.

In terms of what the BlackHole RAT actually does, Sophos notes that the Trojan could send arbitrary shell commands to an infected Mac OS X machine or display a fake administrator password pop-up in an effort to trick the user into giving up their administrator password. Additionally, BlackHole RAT could send a restart, shutdown, or sleep command to an infected desktop.

Chester Wisniewski, senior security advisor at Sophos, told InternetNews.com that the malware runs with the privileges of the user who is logged in.

"This would allow it to delete, copy or extract any files the user has access to," Wisniewski said. "Additionally with the fake escalate privileges dialog if you provided your password to the attacker they could use that to gain root access through the remote shell access in the Trojan."

In a blog post, Sophos researcher Chester Wisniewski notes that Trojans like BlackHole RAT are often distributed by way of pirated software downloads and torrent sites.

"It could also be dropped by a vulnerability in your browser, plug-ins and other applications," Wisniewski wrote. "Patching is an important part of protection on all platforms."

Drive-by downloads are a topic that multiple security researchers have been investigating over the last several years. The problem generally stems from insecure web servers and unpatched add-ons in the client browser. Among the most targeted browser add-ons are Oracle's Java as well as Adobe Flash and PDF.

The BlackHole RAT Trojan isn't the first time that Sophos has reported malware on OS X. Back in 2008, Sophos issued a report forecasting that Macs would increasingly come under malware attack. Sophos also markets security products to help protect OS X users against potential threats. Sophos isn't alone in warning about potential malware risks to OS X. Security vendor Symantec has also warned of Mac malware in the past, though it remains a rare occurrence relative to Windows.

Wisniewski said that Mac malware, primarily Trojans, is increasing in frequency. Sophos is now seeing several pieces of Mac malware every week, whereas a year or so ago they only saw about one per week.

"This one came to our attention as it shows more advanced development than most of what we see," Wisniewski said. "A lot of Mac Trojans are simply shell scripts that are aware of where OS X stores its configs and data, as opposed to where Linux or FreeBSD might."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.