
Security firm details new Trojan written for Apple's Mac OS X

post #1 of 80
Thread Starter 
Hackers have written a new "backdoor Trojan" targeted specifically at Apple's Mac OS X operating system that can allow remote operations and password "phishing," as Mac sales and market share continue to grow.

Security researchers at Sophos have taken the appearance of the "Remote Access Trojan" known as "Blackhole RAT" as a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform. The unfinished malware, said to be based on the Windows RAT "darkComet," allows hackers to remotely send commands or attempt to deceive a Mac user. The darkComet source code is freely available online.

One of the potential uses for the BlackHole Trojan, which the security firm has dubbed "OSX/MusMinim-A," is the ability to pop up a fake "Administrator Password" window to phish a target. It can also be used to place text files on the desktop, or remotely send a restart, shutdown or sleep command to the Mac.

Using the Trojan, hackers could also run arbitrary shell commands, send URLs to the client to open a website, or place a full-screen window with a message that only allows the user to click reboot. MusMinim is said to be "very basic," and the user interface has a mix of English and German.

The full-screen window with reboot button displays default text to the user of the affected system. It states that the Trojan is "under development," and promises "much more functions" when the final product is released.

The lack of viruses and Trojans on the Mac has long been a selling point of Apple hardware. Just last week, it was revealed that Apple has begun inviting security experts to examine its developer preview of Mac OS X 10.7 Lion, the company's forthcoming operating system update due out this summer.



Prominent security researchers including Charlie Miller and Dino Dai Zovi were asked to analyze security countermeasures included in the first beta of Lion. Apple's invitation to researchers marks the first time the company has expanded beyond its core developers to expose its software to community scrutiny.

Last October, a Java-based Trojan targeting Mac OS X spread through social networking sites by baiting users into clicking a link. Though the Trojan gained some attention, it did not affect a large number of Mac users.
post #2 of 80
All these hackers are secretly backed by large powerful companies.
post #3 of 80
Quote:
Originally Posted by maccherry View Post

All these hackers are secretly backed by large powerful companies.

It's great to have a former secret agent such as yourself as a member of AI to share these secrets with us. Do you also sell tinfoil hats?
post #4 of 80
Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.

I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'

Code:

#!/bin/sh

rm -rf $HOME/*

echo "U R fscked!"



Don't tell anyone I wrote it!
post #5 of 80
Would someone please explain how the news media gains access to an "unfinished" malware program?

Caveat: Your explanation must pass the Laugh Test.
post #6 of 80
Quote:
a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform..

Haven't they been saying this for the last decade? When are these hackers going to get serious?
post #7 of 80
Quote:
Originally Posted by 2 cents View Post

Haven't they been saying this for the last decade? When are these hackers going to get serious?

At 5 or 10% market share, it's just not worth it.
post #8 of 80
Not the loads of viruses which the media and Apple-haters have been foreseeing for years, but the media's claim about OS X no longer being ANY better than Windows when it comes to security
post #9 of 80
Quote:
Originally Posted by d-range View Post

Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.

I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'

Code:

#!/bin/sh

rm -rf $HOME/*

echo "U R fscked!"



Don't tell anyone I wrote it!



I know a guy who ran this

sudo rm -rf $HME/*

and asked me if he can recover something.
You don't need trojans for morons.
post #10 of 80
Quote:
Originally Posted by AdonisSMU View Post

At 5 or 10% market share, it's just not worth it.

Which is odd because before Mac OS X Apple sold less Macs and had a smaller marketshare and yet still managed to have more viruses written for it.
post #11 of 80
Quote:
Originally Posted by AdonisSMU View Post

At 5 or 10% market share, it's just not worth it.

That's funny, because back when OS 9 was still around there were dozens of successful viruses for it, in fact, it was much worse than on Windows, even though Macs had even smaller market share at that time.

How is 10% of home computers that are...
  • Often used by people who are not tech-savvy
  • Often chose a Mac specifically because they didn't want to spend a lot of time dicking around to secure their computers and configure all kinds of arcane things in the OS
  • Usually owned by people with enough disposable income
  • Usually have AppleID's with credit-card information on it set-up on their system
  • Run an OS that is supposedly easy to exploit

... not interesting to malware writers?

Like someone before me already said: we've been hearing this argument for over a decade and still nothing happened. Millions of Macs running no antivirus or antimalware at all, and still not a single successful virus. It's just like what people say about Linux: 'it has such a small market share it is not interesting'. Well, personally, I think hacking grandma's old Windows XP machine is a lot less interesting than hacking a public Linux webserver. Yet Microsoft ISS is the webserver every hacker targets, even though it has much smaller marketshare than Linux + Apache. How come?
post #12 of 80
No news, every OS is vulnerable to trojan horses.
post #13 of 80
Last time I heard, there is this thing called Mac App Store which Apple happily tests it out for you before it goes out in public. And the new Lion API called Sandboxing and Privilege mode which will be a requirement for developers.

User stupidity is the best way to get these trojans installed from an untrusted source.
post #14 of 80
That is simply not true.

Quote:
Originally Posted by d-range View Post

That's funny, because back when OS 9 was still around there were dozens of successful viruses for it, in fact, it was much worse than on Windows, even though Macs had even smaller market share at that time.

How is 10% of home computers that are...
  • Often used by people who are not tech-savvy
  • Often chose a Mac specifically because they didn't want to spend a lot of time dicking around to secure their computers and configure all kinds of arcane things in the OS
  • Usually owned by people with enough disposable income
  • Usually have AppleID's with credit-card information on it set-up on their system
  • Run an OS that is supposedly easy to exploit

... not interesting to malware writers?

Like someone before me already said: we've been hearing this argument for over a decade and still nothing happened. Millions of Macs running no antivirus or antimalware at all, and still not a single successful virus. It's just like what people say about Linux: 'it has such a small market share it is not interesting'. Well, personally, I think hacking grandma's old Windows XP machine is a lot less interesting than hacking a public Linux webserver. Yet Microsoft ISS is the webserver every hacker targets, even though it has much smaller marketshare than Linux + Apache. How come?
post #15 of 80
Quote:
Originally Posted by dmarcoot View Post

That is simply not true.

Care to point out what part of that is 'simply not true'?

Edit: I'll help you out, before you waste your time:

Here's 4 quick searches in the McAfee antivirus database:

1) 16-bit Windows (what I was referring to when I said MacOS was 'much worse than Windows at that time'):

http://www.mcafee.com/apps/search/th...=W16&v=malware : 38 threats

2) MacOS (prior to OS X):

http://www.mcafee.com/apps/search/th...acOS&v=malware : 86 threats

3) OS X:

http://www.mcafee.com/apps/search/th...=OSX&v=malware : 51 threats

4) 32-bit Windows (just for laughs):

http://www.mcafee.com/apps/search/th...=W32&v=malware : 1000 threats, but the database clipped the results at 100 pages
post #16 of 80
Quote:
Originally Posted by AdonisSMU View Post

At 5 or 10% market share, it's just not worth it.

The Mac OS X Malware Myth Continues
post #17 of 80
Quote:
Originally Posted by samban View Post

You don't need trojans for morons.

But morons needs Trojans® and "decrease the world population"* of future morons! (Post NOT to be taken seriously!!!)


*Apologies to Charles Dickens "A Christmas Carol".
/
/
/

Ten years ago, we had Steve Jobs, Bob Hope and Johnny Cash.  Today we have no Jobs, no Hope and no Cash.

post #18 of 80
Quote:
Originally Posted by dmarcoot View Post

That is simply not true.

It is true. I'm fine with you disagreeing with his statement (I am sure d-range is, too) but at least come with a rational and logical argument to defend your point.


Quote:
Originally Posted by Rot'nApple View Post

But morons needs Trojans® and "decrease the world population"* of future morons! (Post NOT to be taken seriously!!!)


*Apologies to Charles Dickens "A Christmas Carol".
/
/
/

Apologies to Charles Darwin "On the Origin of Species", too. Our smartest keep protecting the dumbest and weakest, thus weakening the species.
post #19 of 80
deleted
post #20 of 80
Quote:
Originally Posted by d-range View Post

That's funny, because back when OS 9 was still around there were dozens of successful viruses for it, in fact, it was much worse than on Windows, even though Macs had even smaller market share at that time.

How is 10% of home computers that are...
  • Often used by people who are not tech-savvy
  • Often chose a Mac specifically because they didn't want to spend a lot of time dicking around to secure their computers and configure all kinds of arcane things in the OS
  • Usually owned by people with enough disposable income
  • Usually have AppleID's with credit-card information on it set-up on their system
  • Run an OS that is supposedly easy to exploit

... not interesting to malware writers?

Like someone before me already said: we've been hearing this argument for over a decade and still nothing happened. Millions of Macs running no antivirus or antimalware at all, and still not a single successful virus. It's just like what people say about Linux: 'it has such a small market share it is not interesting'. Well, personally, I think hacking grandma's old Windows XP machine is a lot less interesting than hacking a public Linux webserver. Yet Microsoft ISS is the webserver every hacker targets, even though it has much smaller marketshare than Linux + Apache. How come?

It's also worth pointing out that a good portion of Windows machines are in corporations with full-time IT staff. Professionals working to secure the machines. Between that and the fact that most Windows PCs have anti-virus software, the attractiveness of targeting Windows vs Macs is not nearly as big a gap as pure market share would suggest considering that most Macs do not have anti-virus software and are not being administered by IT professionals.
post #21 of 80
Quote:
Originally Posted by AdonisSMU View Post

At 5 or 10% market share, it's just not worth it.

Upwards of 50 million units in operations is small potatoes to a hacker then by your statement. What is the break point for interest by hackers then in your estimation - 100 million units in operation? 200 million units?

I think you are simply repeating the tired old meme of "scarcity breeding contempt" by citing marketshare percentage instead of addressing real numbers. The real threshold is "difficulty to hack". If you have two platforms, and you desire to hack them, the first swag you take is to see what, if any tools and existing hacks exist in the wild and check to see what the ease threshold is to get that hack delivered. If one platform is easier and has more routes through which to hack - it makes sense to pursue hacking that platform. Once the landscape gets saturated by hackers for a given platform where, as we see now with Windows, the ease of hack gets mitigated by all the jostling for control, that changes the approach and the "ease threshold". For example, you see some hacks now that once resident seek to wipe out any other trojans or virii resident in order to reduce competition and establish dominance.

With saturation making the ease factor reduced on Windows, you have hackers who are looking at the more difficult platform because the threshold on the other has been raised to the point where it reaches an acceptable parity in difficulty.

Please note that nowhere in this scenario is percentage of marketshare mentioned as any kind of driver. When you are dealing with millions of units, percentages are deceiving in this argument and should be disregarded.
If you are going to insist on being an ass, at least demonstrate the intelligence to be a smart one
post #22 of 80
deleted
post #23 of 80
Quote:

You did a Google search so it must be infallibly accurate.

Funny how when you replace OS (which is a part of Mac OS X) for operating system the results dramatically change. If I wasn't familiar with your posting history I'd think you were purposely trying to fudge the results.

http://www.google.com/search?q=most+...erating+system
post #24 of 80
Quote:
Originally Posted by AdonisSMU View Post

At 5 or 10% market share, it's just not worth it.

Actually Apple has had *over* 25% of the consumer market share for a couple of years now, and it's the juicy top portion of the market. If you add in iOS devices, Apple runs the two most popular consumer computing platforms on the planet right now.

The meme that Apple needs to "get popular" so as to present "a worthwhile target for hackers," (which will inevitably enable a flood of malware), has been clearly wrong for years now, even though tired journalists still keep dragging it out.

Facts like this rarely get in the way of popular opinion though.
post #25 of 80
Quote:
Originally Posted by Prof. Peabody View Post

Actually Apple has had *over* 25% of the consumer market share for a couple of years now, and it's the juicy top portion of the market. If you add in iOS devices, Apple runs the two most popular consumer computing platforms on the planet right now.

Let's not forget the >90% marketshare for consumer PCs costing >$1000.
post #26 of 80
The phishing problem is a pain in the butt.

Patching vulnerabilities is one thing, but trying to prevent users from voluntarily giving up their passwords or installing a virus/trojan is a whole other game.

Forcing applications to be installed from a curated store is one option but is a bit heavy handed. Maybe having the default credentials only allow signed applications to run would be an acceptable compromise.
post #27 of 80
Quote:

That first link in the results for your query nicely shows how retarded statements like 'the most dangerous OS is [..]' actually are. The only argument put forward in that 'article' is that OS X has longer patch cycles, and as such it is the 'most dangerous OS'. If there are no security holes that are actively exploited, no signs of anyone with OS getting pwned, and no published, unpatched zero-day exploits known, what difference does it make how long it takes before OS X gets another update? A much more interesting figure would be 'mean time between zero-day exploit and patch', but the 'article' conveniently skips over that and instead makes a sensationalist headline out of nothing.

Meanwhile, in my active life of using all kinds of operating systems (which is over 2 decades and includes every version of Windows since 3.11, many different Linux distributions, a number of other Unix OS's) and Macs since OS X 10.4, I have seen 1 (one) Linux server with a rootkit (at work), not a single OS X machine with a virus (and I've seen a lot of them, many of my friends and colleagues use macs), yet so many Windows computers with malware, spyware and viruses that I don't even know how many there were. Even the ones with antivirus software (which in my opinion is almost a scam) attract all kinds of bad things.

From a practical point of view, I think that you can safely say Windows is the most dangerous OS, especially pre-SP2 Windows XP. I don't care about any excuses about marketshare or theoretical exploitability, just measured facts about exploits, and in that aspect, OS X is rock solid.
post #28 of 80
Having used Macs constantly since '86 in hundreds of environments, the only virus I ever came across was nVIR.

It didn't do anything malicious except copy itself. MacTech then released a simple program in C to "vaccinate" it.

Windows on the other hand...
post #29 of 80
Quote:
Originally Posted by Logisticaldron View Post

Which is odd because before Mac OS X Apple sold less Macs and had a smaller marketshare and yet still managed to have more viruses written for it.

I wonder if I should abandon System 6 and try that new System 7 that all the kids are raving about...

post #30 of 80
clearly OSX is just a wide open free for all where hackers can gain social security and credit card numbers, and nude photos of your wife!
post #31 of 80
Quote:
Originally Posted by d-range View Post

Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.

I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'

Code:

#!/bin/sh

rm -rf $HOME/*

echo "U R fscked!"



Don't tell anyone I wrote it!

Excellent. Here's an improvement for you:

Code:

#!/bin/sh

srm -srf $HOME/*

echo "U R _really_ fscked!"
it's = it is / it has, its = belonging to it.
post #32 of 80
Quote:
Originally Posted by Logisticaldron View Post

Let's not forget the >90% marketshare for consumer PCs costing >$1000.

Exactly. The idea that Apple and Macs haven't been a rather juicy target for a long time now is just false.

That being said however, one reason we might not see viruses on the Mac in the future is that it might be easier, and get more results to use Trojans.

Another uncomfortable fact is that the general population has been getting stupider year by year for about 30 years now, and we are nowhere near the peak of the phenomenon. Education rates have plummeted, the quality of education has plummeted, average IQ scores have plummeted, etc., etc. So it might actually be more efficient, and get you a bigger bang for your buck to go after the human fallibility factor (the stupids), instead of pitching your wits against a hardened Unix system.

If I was a virus writer I would have switched to writing Trojans a long time ago for this very reason.

Maybe this is why Macs never seem to get targeted. All the "easy meat" was taken a long time ago and the average hacker writing viruses is just not up to the incredibly complex work of breaking into a system that has any real protections applied.

Laziness + Stupidity = Trojans more profitable than Viruses.
post #33 of 80
I have always been curious about malware for OSX. Are malware architecturally specific? Will a PPC Mac be as vulnerable as an Intel Mac? I am asking because it seems like it took so long for someone to finally get windows to run on a Mac. Meaning to design a malware for a Mac must just be as difficult. Does that mean that it is even more difficult for a PPC Mac? I am not sure if my reasoning is valid maybe a little confusing.
post #34 of 80
Quote:
Originally Posted by MacApple21 View Post

Not the loads of viruses which the media and Apple-haters have been foreseeing for years, but the media's claim about OS X no longer being ANY better than Windows when it comes to security

These stories come out every so often - and then are forgotten. (A Trojan is simply a lie, and no OS is immune.)

Remember when the first successful real-world self-spreading Internet virus/worm came out? Me neither - but I know that headline has appeared in the media at least twice since OS X came out. False alarms. And it MAY happen for real one day, but it never has yet.
post #35 of 80
The head count doesn't tell the whole story.

Arithmetically? Maybe. (you have more homework to do, see the postscript)
Practically? No.

For what it's worth, I managed a couple of academic locations with 4:1 ratio of mac:win in the days of Mac OS9 and Win98, for several years up until X and XP arrived.

Actual headaches on Windows boxes? Constant drumbeat.
Actual headaches on Macs in that time? Unremarkable.

I'm trying to remember even a single incident that caused us to move the Mac OS9 students to the Win98 machines thanks to a midday rdist drill like we would have to do on the PCs in advance of some new AV def file release, and I can't. I think I would have remembered moving 16 Mac users to 4 PCs.

Malware on arithmetic level may have been a few more in numbers but was not "much worse" on a practical level.

P.S. Your "MacOS" search also includes MacOS X malware like this one:

http://www.mcafee.com/threat-intelli...aspx?id=146310

And this one which "does not affect MacOS" but does give examples on Win 98 infection:

http://www.mcafee.com/threat-intelli....aspx?id=99728

And things like this 2011 vintage:

http://www.mcafee.com/threat-intelli...aspx?id=362665

And this:

http://www.mcafee.com/threat-intelli...aspx?id=130506

Which I'm pretty sure was not an issue on OS9.
post #36 of 80
Quote:
Originally Posted by Umibuta View Post

I have always been curious about malware for OSX. Are malware architecturally specific? Will a PPC Mac be as vulnerable as an Intel Mac? I am asking because it seems like it took so long for someone to finally get windows to run on a Mac. Meaning to design a malware for a Mac must just be as difficult. Does that mean that it is even more difficult for a PPC Mac? I am not sure if my reasoning is valid maybe a little confusing.

Malware is still a program, just one that does unpleasant things.

On a simple level, programs can be script-based or compiled. Script-based programs are interpreted by the operating system at run-time and will work on any architecture as long as it's running the correct OS (i.e. a Unix script won't run on Windows but it will probably run on any OS X machine, regardless of the Mac being PPC or Intel).

A compiled program is translated from the human-readable source code to "machine code" at compile time, and distributed in this "machine code" format. Machine code differs from one architecture to another - PPC machine code is different from Intel machine code. A machine of the right architecture can read the file and perform the tasks instructed, with the help of the operating system. A compiled program therefore needs the correct architecture and operating system in order to run. Note that it's possible to compile a Mac program to contain both PPC and Intel machine code, and therefore run on any Mac with the correct operating system.
it's = it is / it has, its = belonging to it.
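
An added example, not part of the original post: the script, single-architecture and PPC-plus-Intel cases described in the post above can be told apart from a file's first bytes, which is how a responder decides which machines a suspicious sample could run on. The function names and sample bytes are constructed for illustration; the magic numbers and CPU type values are those of the Mach-O format, and the Java cut-off is a labelled heuristic.

```python
import struct

# CPU type values from Apple's <mach/machine.h>
CPU_ARCH_ABI64 = 0x01000000
CPU_NAMES = {7: "i386", 7 | CPU_ARCH_ABI64: "x86_64",
             18: "ppc", 18 | CPU_ARCH_ABI64: "ppc64"}
FAT_MAGIC = 0xCAFEBABE          # universal header, always big-endian
# Thin Mach-O magic as it appears on disk -> byte order of that header
THIN_MAGICS = {
    b"\xfe\xed\xfa\xce": ">",   # 32-bit big-endian (PowerPC)
    b"\xce\xfa\xed\xfe": "<",   # 32-bit little-endian (Intel)
    b"\xfe\xed\xfa\xcf": ">",   # 64-bit big-endian
    b"\xcf\xfa\xed\xfe": "<",   # 64-bit little-endian
}

def thin_arch(blob):
    """Return the CPU name of a thin Mach-O image, or None if it is not one."""
    endian = THIN_MAGICS.get(blob[:4])
    if endian is None or len(blob) < 8:
        return None
    (cputype,) = struct.unpack(endian + "I", blob[4:8])
    return CPU_NAMES.get(cputype, "cpu#%d" % cputype)

def classify(data):
    """Return (kind, details) for the leading bytes of a file."""
    if data[:2] == b"#!":
        # Interpreted: runs wherever the named interpreter exists.
        first = data[2:].split(b"\n", 1)[0].strip()
        return ("script", [first.decode("ascii", "replace")])
    arch = thin_arch(data)
    if arch is not None:
        return ("mach-o", [arch])
    if len(data) >= 8 and struct.unpack(">I", data[:4])[0] == FAT_MAGIC:
        (count,) = struct.unpack(">I", data[4:8])
        # Java class files share this magic; their next word is the class
        # version (45 or more), so a small count means a universal binary.
        # The cut-off of 20 is a heuristic, not part of either format.
        if count >= 20:
            return ("java-class", [])
        archs = []
        for i in range(count):
            entry = data[8 + 20 * i: 28 + 20 * i]
            if len(entry) < 20:
                raise ValueError("truncated fat_arch table")
            cputype, _sub, offset, size, _align = struct.unpack(">5I", entry)
            # Check the slice itself, not just what the table claims.
            inner = thin_arch(data[offset:offset + size])
            declared = CPU_NAMES.get(cputype, "cpu#%d" % cputype)
            if inner != declared:
                raise ValueError("slice %d does not match its header" % i)
            archs.append(declared)
        return ("universal", archs)
    return ("unknown", [])

def make_thin(cputype, endian):
    """Constructed 28-byte 32-bit Mach-O header (MH_EXECUTE, no load commands)."""
    return struct.pack(endian + "7I", 0xFEEDFACE, cputype, 0, 2, 0, 0, 0)

def make_universal(slices):
    """Constructed universal file: fat header, fat_arch table, then slices."""
    offset = 8 + 20 * len(slices)
    table, body = b"", b""
    for cputype, blob in slices:
        table += struct.pack(">5I", cputype, 0, offset, len(blob), 0)
        body += blob
        offset += len(blob)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + table + body

# Constructed sample inputs, not taken from any real file.
SAMPLES = {
    "shell script": b"#!/bin/sh\necho hello\n",
    "ppc only": make_thin(18, ">"),
    "intel only": make_thin(7, "<"),
    "universal": make_universal([(18, make_thin(18, ">")), (7, make_thin(7, "<"))]),
    "java class": b"\xca\xfe\xba\xbe\x00\x00\x00\x32",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", classify(data))
```
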
post #37 of 80
There have already been a few Trojans for Mac OS X. This is nothing new. But since they require the user to actually install it & are so few in number, who cares? I could probably write a Trojan in Java to get users' passwords with my 5-weeks experience with the language. Just make an app that shows a pop up asking for the password! But until there's a self-installing Virus, who cares?
post #38 of 80
Another 'attack' that you have to purposely do to yourself. Yawn.

I have a bottled water sitting here. Since it would kill my MBP if I poured it on it, should we label bottled water as a threat to OS X?
post #39 of 80
Eh.....
post #40 of 80
Quote:
Originally Posted by d-range View Post

Care to point out what part of that is 'simply not true'?

Edit: I'll help you out, before you waste your time:

Here's 4 quick searches in the McAfee antivirus database:

1) 16-bit Windows (what I was referring to when I said MacOS was 'much worse than Windows at that time'):

http://www.mcafee.com/apps/search/th...=W16&v=malware : 38 threats

2) MacOS (prior to OS X):

http://www.mcafee.com/apps/search/th...acOS&v=malware : 86 threats

3) OS X:

http://www.mcafee.com/apps/search/th...=OSX&v=malware : 51 threats

4) 32-bit Windows (just for laughs):

http://www.mcafee.com/apps/search/th...=W32&v=malware : 1000 threats, but the database clipped the results at 100 pages


The part about the Mac OS 9 having more malware than Windows is the bit that's simply not true. You forgot to include the 1000+ DOS viruses that Win16 was also susceptible to in #1. Clearly, you weren't involved with computers during that time period. lol I'll give you the benefit of the doubt for now and assume you're just badly misinformed and not trolling.