Sophos warns on 'beta test' Mac OS X backdoor trojan

Known as BlackHole RAT - remote access trojan - the malware is described as "not yet finished" by its anonymous author, and is notable for being a Mac variant of darkComet, a RAT trojan for the Windows platform.

Reporting on the malware, Chester Wisniewski, Sophos Canada's senior security researcher, says that his research colleagues have analysed the Mac OS X version and concluded it is a basic trojan.

There appears, he said in his weekend security blog, to be a mixture of English and German in its interface, whose functions include placing text files on the desktop, as well as sending a restart, shutdown or sleep command.

In active mode, the trojan is said to be capable of running arbitrary shell commands and placing a full screen window with a message that only allows you to click reboot.

Wisniewski also reports that the malware is also capable of sending URLs to the client to open a website and popping up a fake 'Administrator Password; window to phish the target user.

When activated, the trojan returns the following message on a Mac users' screen:

"I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected!

"I have full control over your Computer and i can do everything I want, and you can do nothing to prevent it.

"So, I’m a very new Virus, under Development, so there will be much more functions when I’m finished."

The Sophos researcher notes trojans like this are frequently distributed through pirated software downloads and torrent sites.

"It could also be dropped by a vulnerability in your browser, plugins and other applications. Patching is an important part of protection on all platforms", he said.

What’s Hot on Infosecurity Magazine?