Mac OS X backdoor Trojan, now in beta?
by Chester Wisniewski, Sophos
February 26, 2011

It appears there is a new backdoor Trojan in town and it targets users of Mac OS X. As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple's increasing market share.

SophosLabs analyzed the sample we received and determined that it is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet. The author of the Trojan refers to it as the 'BlackHole RAT', as you can see from the screenshots, but Sophos calls it OSX/MusMinim-A, or 'MusMinim' for short.

The name 'Black Hole' is already used by a legitimate application which actually aims to increase security on your Mac by helping you get rid of potentially sensitive information such as recently-used file lists, data left in the clipboard, and more.

MusMinim is very basic and there appears to be a mix of German and English in the user interface. Its functions include:

* Placing text files on the desktop
* Sending a restart, shutdown or sleep command
* Running arbitrary shell commands
* Placing a full screen window with a message that only allows you to click reboot
* Sending URLs to the client to open a website
* Popping up a fake "Administrator Password" window to phish the target

...

http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-in-beta/
