Lunarsoft

Another trojan surfaces on the Mac yet again called BlackHole RAT

Published

A new trojan has appeared by the name of BlackHole RAT and it surprisingly is in beta. While this may sound strange or like a joke, security researchers assure it’s the real deal. Turns out that BlackHole RAT is a variant of the free “remote administration tool” darkComet RAT for Windows. Despite being a new trojan that calls itself beta; the tool itself seems very comprehensive at this point in time.

At this time there is no known fix or way to catch this trojan. The best advice is Mac users, be careful what you run and when your OS prompts you for your password, known what the prompt is coming from. If you’re still concerned there are anti-virus solutions for the Mac. Earlier this month Comodo released a free Mac antivirus alongside Sophos, who has long been known for its anti-malware solutions for the platform.

This new trojan can do quite a bit. Here’s a list of the known capabilities are so far.

  • Gives the administrator the ability to place text files on the desktop.
  • Send restart, shutdown or sleep commands.
  • Run shell commands.
  • Place a full-screen window with a message that forces a reboot.
  • Force URLs to a client.
  • Pop up a fake “Administrator Password” phishing window.

This phishing part of BlackHole RAT is rather clever. Presenting the faked Adminsitrator Password prompt which logs the data entered and presents it in the trojan hacktool. You can see an example in the screenshot below.

BlackHole RAT in action.

Before the forced reboot a rather amusing message is presented to the victim.

I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think that Macs can’t be infected, but look, you ARE infected!

I have full control over your Computer and i can do anything I want, and you can do nothing to prevent it.

So, Im a very new Virus, under Development, so there will be much more functions when Im finished.

But for now, it’s okay what I can do.

To show you what I can do, I will reboot your Computer after you have clicked the Button right down.

If you want to see a video of this trojan in action, you can watch it on YouTube.

Obviously, this isn’t the first trojan to hit the Mac. It was only a few months ago as of this news post that Ars Technica reported of a trojan called trojan.osx.boonana.a that attacked the Mac through Java. It disguised itself as a video floating around social networking sites and other places on the web. Once clicked, a Java applet is launched that downloads multiple files, including an installer that runs automatically without users’ knowledge.

Tags: