Researchers spot new Mac OS X malware

Summary: Security researchers from Sophos have spotted a new piece of malware targeting Mac OS X users.


According to the company, the BlackHole RAT release is still under development, and appears to be using the source code of a popular Windows trojan horse known as darkComet.

The screen lock feature reads:

Hello I'm the BlackHole Remote Administration Tool. I'm a trojan horse, so I have infected your Mac Computer. I know, most people think that Macs can't be infected, but look, you ARE infected! I have full controll over your Computer and I can do everything I want, and you can do nothing to prevent it. So, Im a very new virus, under Development, so there will be much more functions when I'm finished. But for now, it's okay what I can do. To show you what I can do, I will reboot your Computer after you have clicked the Button right down.

Open source malware is an inseparable part of the cybercrime ecosystem, allowing novice cybercriminals to quickly catch up with what used to be sophisticated propagation tactics a few years ago.

With open source malware now an everyday reality, it shouldn't be surprising that the growth of malware is reaching such epic proportions. Although rare, malware releases for Mac OS X are only going to get more popular with time, given the underserved market segment, combined with the countless number of malware coders.

The company emphasizes that the BlackHole RAT isn't spreading in the wild, and urges users to exercise extra caution when downloading freeware applications or, even worse, pirated releases. A short clip showing the trojan horse in action can be seen here.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

    • Gives more credence to using the new Mac App Store

      @Peter Perry
      • RE: Researchers spot new Mac OS X malware


        At which point, it'll be the iOS store all over again!

        I don't like your app! meet the ban hammer!
        We're changing the rules again...
        No apps that [insert bs excuse here] are allowed anymore!
        The one and only, Cylon Centurion
      • Only problem is that it's not a virus...

        Only problem is that it's not a virus, it's not even a trojan. BlackHole RAT is a legitimate Remote Administration Tool, not a trojan. It's an alternative to VNC using a shell account. It isn't any more or less malicious than any other administration tool.
      • RE: Researchers spot new Mac OS X malware

        @olePigeon Remote access software is just a rootkit by a different name... It just depends on who has access to this, which it looks like is a third party.
      • You need to learn what a rootkit is snoop0x7b...


        It's not a trojan.. it's not a rootkit... it's not a virus... It's just a remote admin tool... Speaking of tools, the only ones calling it a trojan are tools.

        A real Trojan is a real program, that installs and runs as a real program, and has malware code hidden within?

        This is not a Trojan and would require 6 installer screens with admin authentication just to install.

        So it is not a virus, nor a Trojan.
      • RE: Researchers spot new Mac OS X malware

        @i8thecat Why don't you install it on your machine and get back to me on how innocuous it is...
      • RE: Researchers spot new Mac OS X malware


        Yeah, install it on your machine and leave it there... it's only a tool... no problem, right? That's what I thought.
      • RE: Researchers spot new Mac OS X malware

        That's what I thought.
  • a researcher ...

    @Peter Perry
    ... that doesn't know the difference between a trojan and a virus finds a new "concept trojan in the making" that could eventually somehow go wild and will be downloaded and installed by a few ignorant mac users... i am scared to death! the sky is falling!

    and yeah, sure sophos again. the desperate antivirus peddler that tries to sell av-software to mac users (who somehow refuse to waste their money on that bs) at their beloved scare tactics again. what a joke!
    banned from zdnet
    • How much would you pay for a free product?

      Just asking, since apparently you think they're selling it.
      Michael Alan Goff
    • RE: Researchers spot new Mac OS X malware

      @banned from zdnet

      Macs were the first thing we hacked in college. They are crap security wise....just like unix/linux.
    • goff256 and VRSpock opened their mouths and removed all doubt.

      Some are dumb enough to think they are not selling it...


      The macs you hacked in college... How long ago was that??? The pre OS X days??? Unix/Linux is designed with security in mind, Windows is designed without security... Which is the reason 99% of the security software in the world is built for windows.
    • Keep on keeping on with that wives' tale.

      @i8thecat: "Unix/Linux is designed with security in mind, Windows is designed without security..."

      I'm sure if you say it enough times it will eventually become true!
    • Woo Hoo! the apologists are out


      "it's OK because it happens to Windows too"

      Will Farrell
  • RE: Researchers spot new Mac OS X malware

    @Peter Perry

    LOL, I've been hearing "the party is over" and all the other dire predictions of imminent viral infection on Macs for the last 25 years....hasn't happened yet, and in the meantime my organization and I have enjoyed the benefits of superior TCO and ROI that the Mac environment offers.

    Keep on may be right one of these days, we'll see! The sun is eventually going to burn out too, that's for sure!
    • RE: Researchers spot new Mac OS X malware

      It's true. The party will never be over because mac on the desktop will never achieve that level of dominance so it will never be a full target of hackers. It's just not that important of a platform.
    • RE: Researchers spot new Mac OS X malware

      lol, a funny straightforward point made there
    • RE: Researchers spot new Mac OS X malware

      @RealNonZealot It's kinda like anything, if you install software without regard to where it came from and are willing to type your admin password then "bad stuff" might happen.

      To be entirely fair Macs didn't enjoy such a great reputation pre-OS X, and I remember SyQuests coming back from print houses being a big problem...

      And again, to be totally fair to the "Windows fanboys", Windows has gotten a LOT better with security (Vista and beyond). Windows has some pretty good security features (in some cases better than the Mac has - address randomisation being a case in point). The real problem for Microsoft is many of the design decisions they made for the platform were made when systems were not connected to the Internet. Vista cleaned a lot of that up (and broke a lot of applications in the process). Again, Apple are never shy cleaning stuff up, and breaking old applications in the process (but it was new for Windows to do that).

      Clearly we will see an uptick in attacks against Macs, what a lot of people fail to understand is Trojans don't rely on weaknesses in the OS. They rely on duping the user, there isn't much a system can actually do - if it pops up a request for the admin password and the user supplies it then what more can it do?

      But I agree, I don't see a sudden spike in Mac "drive by" infections, and as long as Mac users think about what they are downloading and installing then they should be fine (keeping up with the patches - that kind of thing).
    • RE: Researchers spot new Mac OS X malware


      The Unix history isn't really that different to the NT/Windows one. When networking was added to BSD Unix, the network was viewed as a secure environment. That's why you had things like passwords sent over the wire in plain text. Moreover, even in the safe academic/government environment of the 1980s internet, Unix (the dominant OS on the internet at the time) had its share of malware -- including the infamous Morris worm of 1988.

      Unix had an early advantage over Windows because it was exposed to the internet much earlier (indeed, development of modern Windows only started in 1988), and the internet it was exposed to was much safer, but gradually became more dangerous. Windows jumped into an internet that was already becoming dangerous, and quickly became the dominant OS (and hence the dominant target). As a result, it was an early target and got a lot of bad press, but Microsoft actually closed the gap pretty quickly.