Hackers have written a new "backdoor
Trojan" targeted specifically at Apple's Mac OS X operating system that
can allow remote operations and password "phishing," as Mac sales and
market share continue to grow.
Security researchers at Sophos have taken the appearance of the "Remote
Access Trojan" known as "Blackhole RAT" as a sign that hackers are
beginning to take notice
of Apple's continued success with the Mac platform. The unfinished
malware, said to be based on the Windows RAT "darkComet," allows hackers
to remotely send commands or attempt to deceive a Mac user. The
darkComet source code is freely available online.
One of the potential uses for the BlackHole Trojan, which the security
firm has dubbed OSX/MusMinim-A," is the ability to pop up a fake
"Administrator Password" window to phish a target. It can also be used
to place text files on the desktop, or remotely send a restart, shutdown
or sleep command to the Mac.
Using the Trojan, hackers could also run arbitrary shell commands, send
URls to the client to open a website, or place a full-screen window with
a message that only allows the user to click reboot. MusMinim is said
to be "very basic," and the user interface has a mix of English and
The full-screen window with reboot button displays default text to the
user of the affected system. It states that the Trojan is "under
development," and promises "much more functions" when the final product
The lack of viruses and Trojans on the Mac has long been a selling point
of Apple hardware. Just last week, it was revealed that Apple has begun
inviting security experts to examine its developer preview of Mac OS X 10.7 Lion, the company's forthcoming operating system update due out this summer.
Prominent security researchers including Charlie Miller and Dino Dai
Zovi were asked to analyze security countermeasures included in the
first beta of Lion. Apple's invitation to researchers marks the first
time the company has expanded beyond its core developers to expose its
software to community scrutiny.
Last October, a Java-based Trojan
targeting Mac OS X spread through social networking sites by baiting
users into clicking a link. Though the Trojan gained some attention, it
did not affect a large number of Mac users.
There is a subtle principle that resides within all of us, which is unborn and undying. It is bliss infinite and the giver of supreme happiness.It is our inner Guru.