Researchers spot new Mac OS X malware

Security researchers from Sophos have spotted a new piece of malware targeting Mac OS X users.

According to the company, the BlackHole RAT release is still under development, and appears to be using the source code of a popular Windows trojan horse known as darkComet.

The screen lock feature reads:

Hello I'm the BlackHole Remote Administration Tool. I'm a trojan horse, so I have infected your Mac Computer. I know, most people think that Macs can't be infected, but look, you ARE infected! I have full controll over your Computer and I can do everything I want, and you can do nothing to prevent it. So, Im a very new virus, under Development, so there will be much more functions when I'm finished. But for now, it's okay what I can do. To show you what I can do, I will reboot your Computer after you have clicked the Button right down.

Open source malware is an inseparable part of the cybercrime ecosystem, allowing novice cybercriminals to quickly catch up with what used to be sophisticated propagation tactics a few years ago.

With open source malware now an everyday reality, it shouldn't be surprising that the growth of malware is reaching such epic proportions in the overall picture. Although rare, malware releases for Mac OS X are only going to get more popular with time, given the underserved market segment, combined with the countless number of malware coders.

The company emphasizes that the BlackHole RAT isn't spreading in the wild, and urges users to exercise extra caution when downloading freeware applications, or even worse, pirated releases. A short clip showing the trojan horse in action can be seen here.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
