New Mac OS X malware variant spotted

Summary:According to Intego's security memo, OSX/HellRTS.D is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs.

Intego is reporting on a newly discovered variant of a Mac OS X malware first detected in 2004.

According to the company, the source code of the OSX/HellRTS.D is already being distributed across multiple forums, which could potentially allow malicious attackers to create new variants of it.

More details on the malware:

  • It sets up its own server and configures a server port and password
  • It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.)
  • It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac
  • It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more

According to the brief security memo, OSX/HellRTS.D "is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs."

A similar leak of source code took place in November, 2009, when the source code for ikee iPhone worm became publicly available. The leak, however, didn't result in any new worm modifications back then.

The company has rated the malware as low risk due to the fact that they are unaware of any infected Macs so far.

However, this rating shouldn't apply to you overall situational awareness (See: How To Disable "Open Safe Files After Downloading" Feature In Safari) on the fact that Mac OS X malware is no longer an urban legend, but a fully realistic event with Apple Inc. publicly admitting that "no system can be 100 percent immune from every threat".

Topics: Security, Apple, Enterprise Software, Hardware


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.