Mac users, beware. A variant of an established Trojan for Apple's Mac OS X operating system has been discovered by Sophos.

OSX/MusMinim-A is a Remote Access Trojan (RAT) for the OS X platform, also known as “BlackHole RAT”. SophosLabs analyzed the sample it received and determined that it is a variant of darkComet, a well-known RAT for Windows.

So far, the trojan’s unknown author describes it as a “beta” version, whose functionality could be improved over time. OSX/MusMinim-A’s main threat component is a backdoor, which acts as the server half of a client-server pair of applications, the company said.

Sophos, which discovered the BlackHole RAT Trojan, claims that it can remove it (whew!) with its Sophos Anti-Virus product for the Macintosh, which it distributes for free (Yey! Free!). The most common way that your Mac may be infected, according to Sophos, is by downloading the Trojan as part of pirated software.

According to a Sophos blog post authored by Chester Wisniewski, the Trojan’s basic functionality includes:

  • Placing text files on the desktop
  • Sending a restart, shutdown or sleep command
  • Running arbitrary shell commands
  • Placing a full screen window with a message that only allows you to click reboot
  • Sending URLs to the client to open a website
  • Popping up a fake “Administrator Password” window to phish the target

In its present form, a message will also pop up next to the reboot command: “I am a Trojan Horse, so i have infected your Mac Computer,” it says. “I know, most people think Macs can’t be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. So, Im a very new Virus, under Development, so there will be much more functions when im finished.”

Oh man, this is one huge update. The total file size that my system is downloading comes to almost 600MB. Now that is big. I cannot remember when I did download an update but this one is sure to take long. Mac OS X’s update process is annoying.

While it is normal to restart your system, it is irritating to wait while the update is being installed after the reboot. This should be done after the download. Instead, you have to wait till it finishes installing. It should behave the way Windows does with its updates.

Anyway, enhancements for this update include improved Microsoft Exchange reliability, a variety of performance and stability improvements, security fixes, a couple of Bluetooth tweaks, and in answer to some Mac Pro owners’ prayers – systems with a Mac Pro RAID Card from early 2009 can now be put to sleep (Apple Menu > Sleep).

10.6.5 also comes with many security fixes, addressing vulnerabilities in everything from Adobe Flash to MySQL to Apache.
