
Proton RAT malware not a positive development for Mac users


Questions continue to swirl around a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in an update last month to its anti-malware program, XProtect.

The threat garnered new attention last week after a Malwarebytes blog post cited a February report from Israel-based dark web monitoring company Sixgill, whose researchers spotted the malware on a Russian cybercrime forum.

According to Sixgill, the malware gives the attacker root-access privileges, in all likelihood due to exploitation of a previously unpatched zero-day vulnerability. The dark web ad and a YouTube video demonstration of the malware also tout such capabilities as “running real-time console commands and file-manager, keylogging, SSH/VNC connectivity, screenshots, webcam operation and the ability to present a custom native window requesting information such as a credit-card, driver's license and more,” Sixgill reported. Furthermore, “The malware also boasts the capability of iCloud access, even when two-factor authentication is enabled.”

Sixgill also noted that Proton's developers managed to ship the RAT program with genuine Apple code-signing signatures, possibly by falsifying registration to the Apple Developer ID program or by using stolen developer credentials.

Sixgill told SC Media that it did not have a sample of the malware to analyze in order to confirm the claims of the malware's developer.

In February, Apple reportedly updated its XProtect program to defend against OSX.Proton.A, as well as the backdoor malware program XAgent.

Bradley Barth
