X

Mac OS X Trojan catches Sophos' eye

Security firm Sophos spots a "backdoor Trojan," known as both BlackHole RAT and MusMinim, that could hit Mac OS X users. The Trojan's developer says the malware isn't yet finished.

Don Reisinger
CNET contributor Don Reisinger is a technology columnist who has covered everything from HDTVs to computers to Flowbee Haircut Systems. Besides his work with CNET, Don's work has been featured in a variety of other publications including PC World and a host of Ziff-Davis publications.
See full bio
Don Reisinger
2 min read
BlackHole RAT
If you see this on your Mac, beware. Sophos

A new Trojan has cropped up and it's targeting Mac OS X users, one security firm says.

According to Sophos, the Trojan, called "BlackHole RAT" by its author and "MusMinim" by the security firm, is a variant of the Remote Access Trojan on Windows. The author of the Trojan says the malware is not yet completed, but it already does some annoying things.

Overall, Sophos believes that the prevalence of the Trojan is relatively low. The malware can be removed by using antivirus software.

If a Mac becomes infected, the Trojan places text files on the desktop, puts the computer to sleep, commands it to restart or shutdown, and runs "arbitrary shell commands," Sophos says. It also loads a phishing window to get users to input their administrator password. When a full-screen window pops up forcing users to restart their computer, a rather disconcerting message is displayed.

"I am a Trojan Horse, so I have infected your Mac Computer," says the text in the Trojan, according to Sophos. "I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll (sic) over your Computer and I can do everything I want, and you can do nothing to prevent it.

"So, Im a very new Virus, under Development, so there will be much more functions when I'm finished," the text continues.

The text in the Trojan will surely fuel the long-running debate over whether Mac OS X really is more secure than Windows. Those in the Apple camp point to the numerous Windows security issues that have broken out over the years, compared to the few on Mac OS X, to try and prove that Apple's platform is more secure. Those in the Windows camp believe security is a money game, and malicious hackers have more revenue to generate by targeting all the Windows users in the world, rather than the smaller number of Mac OS X users. It's simply that hackers have ignored Mac OS X, they say.

Sophos says that BlackHole RAT infects computers through downloads over the Web. It might also find its way to the user's Mac through "a vulnerability in your browser, plugins, and other applications."