Sophos Uncovers New Trojan Targeting Macs

Sophos has discovered a backdoor Trojan specifically targeting security-lax Apple users

A new backdoor Trojan has surfaced targeting Mac OS X systems, according to security researcher Sophos Labs.

The malware, which Sophos calls MusMinim, is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet, wrote security researcher Chester Wisniewski on a Sophos blog.

Apple targeted

“As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple’s increasing market share,” Wisniewski wrote.

The author of the Trojan refers to it as the “BlackHoleRAT”, but the name Black Hole is already used by a legitimate Mac OS X application used to delete potentially sensitive information.

The Trojan is “very basic” so far and uses a mix of German and English in the user interface, according to Sophos.

Its functions include placing text files on the desktop, running arbitrary shell commands and popping up a fake “Administrator Password” phishing window.

Annoying message displayed

When a system is infected the Trojan displays a message informing users they have been hacked, Sophos said. “I am a Trojan horse, so I have infected your Mac computer,” the message states. “I know, most people think Macs can’t be infected, but look, you ARE infected! I have full control over your computer and I can do everything I want, and you can do nothing to prevent it.”

Sophos hasn’t yet seen the Trojan used in any active attacks, but said such malware is usually distributed via pirated software downloads or torrent sites.

“It could also be dropped by a vulnerability in your browser, plugins and other applications,” Winiewski wrote.

Last year Sophos pointed out that many Apple users do not take security seriously, making them a soft target for hackers in the future.