New BlackHole RAT Malware Variant for OS X Uncovered
Posted by zduncan | Posted in Computer | Posted on 28-09-2011
Tags: Mac, Mac malware, Mac OS X, Mac OS X BlackHole malware
Many of you remember when malware for Mac OS X, known as BlackHole or MusMinim, was discovered by security company Sophos. If you don’t remember, BlackHole is a backdoor server program, a Remote Access Tool (RAT), that runs on an infected system and allows a remote user to interact with the system.
The remote user can then issue shutdown commands, display screen messages, open URLs or request usernames and passwords. In simpler terms, this is similar to a remote desktop utility that is not distributed for productive purposes.
Unlike more recent Mac OS X malware, which tries to stay hidden and steal a user’s information automatically, BlackHole isn’t very discreet and requires a remote user to actively interact with the system.
That is why many security experts classify it more as a prank or “annoyware” as opposed to malware. Even so, it can still be used for the purpose of stealing information and was not developed as a legitimate piece of software, which technically classifies it as malware.
It does appear as if the developer of BlackHole is refining the malware, as Sophos has just released new definitions for a third variant of the malware. When new malware is discovered, definitions of it are usually labeled alphabetically in order to differentiate its variants.
Even though this malware is in no way as volatile as the MacDefender malware and its variants, it does show that even seemingly old malware can be tweaked at any time. Despite the development, there really is nothing new and it presents a very low risk to Mac users.
If you do happen to come across this malware on your Mac, it is advisable that you remove it as soon as possible, if only to be better safe than sorry.
Source: CNET – Sophos tackles new BlackHole RAT malware variant for OS X