
“BlackHole” malware, in beta, aims for Mac users

Experts are debating the level of risk posed by what appears to be a new malware variant targeting Mac OS X users.

Known as BlackHole RAT (remote administration tool), the malware is part of the darkComet Windows trojan family, said Chester Wisniewski, senior security adviser at security firm Sophos, in a Saturday blog post. The trojan spreads via torrent sites and borrows the name of a legitimate application that allows users to remove sensitive data from their Mac machines.

Its capabilities remain basic at this time, but BlackHole RAT can force victims to restart their computer by displaying a full-screen message that cannot be dismissed without initiating a reboot.

In addition, the trojan can remotely execute shell commands, force open web pages and send messages displayed on the victim's screen, according to an analysis published Friday by Methusela “Meths” Cebrian Ferrer, an Australian threat researcher.

Not everyone, however, believes the threat is a serious one. Mac security firm Intego, in a blog post Monday, said there is a distinction between a trojan and BlackHole RAT, which "is designed to simplify the tasks of a malicious user who wants to control an infected computer."

For users' machines to run BlackHole RAT, they must already be infected.

"A remote administration tool is not in itself a trojan horse," the post said. "It requires that a backdoor be installed, and this in turn requires effective payload from a trojan horse or other means of installation."

An Apple spokesperson did not respond to a request for comment.
