Main menu (IT)

Malware Targeting Mac OS X

March 1, 2011

According to the CSU Virtual Information Security Center (VISC), there is a new backdoor Trojan targeting Mac OS X. Although this malware, known as "BlackHole Remote Access Trojan (RAT)", is still in beta, the VISC would like to ensure that all CSU campuses are aware of this new threat.

Malware Description

  • "BlackHole RAT" is based on source code of the well known RAT for Windows called "darkComent"
  • Interface is currently raw, but it is expected that more polished code will be released soon
  • Capable of placing text files on desktop; sending restart, shutdown, or sleep commands; running arbitrary shell commands; popping up full screen windows that only allow user to reboot; forcing an infected system to open URLs; popping up a fake Administrator Password dialog to phish the target

    IT Recommendation

  • Apply the latest Mac OS X patches after appropriate testing
  • Do not download applications from pirated sites, Torrents, or suspicious third party app sites
  • Do not visit un-trusted Web sites or follow links provided by unknown or un-trusted sources
  • Do not open email attachments from unknown or un-trusted sources

    For more information, read CNET News: "Mac OS X Trojan catches Sophos' eyes".