New trojan MusMinim-A written for Mac OS X
On Saturday, information security firm Sophos reported a new "backdoor Trojan" designed to allow remote operations and password "phishing" on systems running Mac OS X.
The author of the Trojan refers to his or her work as "BlackHole RAT" and claims the malware is still in beta. Indeed, Sophos, which renamed the threat "OSX/MusMinim-A," says the current code is a very basic variation of darkComet, a well-known Remote Access Trojan (RAT) for Microsoft Windows. The source code for darkComet is freely available online.
The biggest threat from MusMinim appears to be its ability to display fake prompts to enter the system's administrative password. This allows the malware to collect sensitive user and password data for later use.
The Trojan also allows hackers to run shell commands, send URLs to the client to open a website, and force the Mac to shut down, restart or go to sleep arbitrarily. Other "symptoms" include mysterious text files on the user's desktop and full screen alerts that force the user to reboot.
Additionally, the malware threatens to grow stronger. "Im a very new Virus, under Development, so there will be much more functions when im finished," the author of the Trojan claims via its user interface.
Sophos believes the new malware indicates more hackers are taking notice of the increasingly popular Mac platform. "[MusMinim] could be indicative of more underground programmers taking note of Apple's increasing market share," says Sophos on its blog.
Another line from the malware's user interface supports the idea that hackers' interest in Mac OS X is growing. "I know, most people think Macs can't be infected, but look, you ARE Infected!"
In an apparent response to the increase in malware threats on the Mac, Apple is reportedly working with prominent information security analysts like Charlie Miller and Dino Dai Zovi to strengthen the overall security of Mac OS X Lion, the company's forthcoming major update to its desktop operating system. It's the first time Apple has openly invited researchers to scrutinize its software while still under development. Mac OS X Lion is scheduled to be released this summer.
In the meantime, Sophos tells Mac users to be cautious when installing software from less trustworthy sources. "Trojans like this are frequently distributed through pirated software downloads, torrent sites, or anywhere you may download an application expecting to need to install it," they say. Also, "patching is an important part of protection on all platforms" to prevent hackers from exploiting security vulnerabilities in web browsers, plug-ins and other applications.
[via AppleInsider]
I may have been playing too much Portal, but this feels very GLaDOS-esque.
"I'm a very new virus, under development, so there will be much more functions when im finished."
"I know, most people think Macs can't be infected, but look, you ARE Infected!"
I think the virus was just this news: it's spreading to a number of websites (TUAW, Slashdot, AppleInsider...) with no verification whatsoever. And before I knew, a (noob) friend of mine wrote me in panic to ask if it was dangerous. Nice shot, mysterious cracker.
March 01 2011 at 5:00 AM
That's why we have the Mac AppStore...and don't ya babies cry wolf.
March 01 2011 at 1:04 AM
I have both PCs and Mac computers and while on my Mac this trojan was picked up while looking at Google Images. It never did prompt me to install anything/ask for my admin password but Sophos picked it up right away (among other scanners).
February 28 2011 at 11:37 PM
Which other scanners picked it up?
March 01 2011 at 2:19 AM
I love how everybody says that when the market share goes up the "Hackers" are going to start writing viruses for Macs. It's like only when the market hits this magical number will they get their divine intuition from above to be able to write this magical code! LMFAO!
The problem is that damn near every application install on OSX *does* require your admin password.
There are ways around it in the drag and drop install (drag to /user/name/applications instead of /applications), but with some pkg installers, there isn't a way around it.
I think it's absurd to require administrator privileges to install an application that doesn't need them to run.
Not many Mac users think twice about entering their admin password when prompted by the OS.
Microsoft thought it was absurd, too. This is why they have the problems they have. They realized it was a bad idea and Vista and Windows 7 now mimic the Mac's default authorization behavior. It's a good thing. Security is about layers.
It may be inconvenient to have to authorize downloaded executables, but not nearly as inconvenient as it is to have to reload your OS because you (or your spouse, children, parents, or users) found one of these mysterious trojans or buggered your system dinking around in general.
"The source code for darkComet is freely available online." ?
AHAHA please review your article, please, PLEASE
It can't be long until this virus becomes capable of burgling my house.
February 28 2011 at 2:25 PM
STILL waiting for that virus apocalypse that is going to descend any day now on Mac users. Uh oh, there's some malware (that's in BETA) that you have to install on your Mac with your administrator password. Oooh, I'm quaking. Reminds me of those joke "This is a Mac virus; it works on the honor system" emails that used to go around.
It's not like black hat hackers haven't been taunted and teased for years and years now; you'd think *somebody* would have managed to create something that becomes a widespread problem, not just a theory in a lab. I'm feeling pretty secure.
Read the actual article. Total equine effluent! In particular, the idea that a Windows Remote Access tool would look -anything like- a MacOS X Remote Access tool strains my technical credulity.
February 28 2011 at 1:34 PM
20 Comments