  • New Trojan Confirmed for Apple's Mac OS X


    Security analysts at Sophos report that a new "backdoor Trojan" has been written by hackers that specifically takes aim at Apple's Mac OS X operating system. According to Chester Wisniewski of Naked Security - the popular IT security blog - the trojan in question makes remote operations and password "phishing" relatively simple.

    As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple's increasing market share.

    SophosLabs says the trojan is a "variant" of a longstanding Remote Access Trojan (RAT) for Windows known as "darkComet." In this particular instance, however, the individual behind the Trojan refers to it as the "BlackHole RAT." For now, Sophos is calling it OSX/MusMinim-A, or "MusMinim." It reportedly includes both German and English in the user interface.

    Sophos says that the potentially nefarious functions served by MusMinim include placing text files on one's desktop, delivering operation commands like restart or shutdown, running arbitrary shell commands, displaying fraudulent "Administrator Password" windows for phishing purposes, displaying a full screen window that forces reboot for closure, and more.

    While this instance certainly doesn't mark the first known trojan written for Macs, it also won't mark the last - especially since Apple continues to capture a larger and perpetually-increasing chunk of the PC market. For more info, check out what the folks at Sophos have to say about OSX/MusMinim-A.

    Sophos
    Naked Security
    This article was originally published in forum thread: New Trojan Confirmed for Apple's Mac OS X started by Michael Essany
    42 Comments
      Aleckloss -
      here goes the start of a multibillion dollar antivirus industry for the mac app store... Jeez louise
      markfaulken@aol.com -
      i realize u have to knowingly and purposefully install this in order for it to infect your computer. u got to be a retard to do it.. anyway my ? is, why do people come up with these? really? why cant they use their knowledge to come up with a good program then u could SELL it...
      awesomeSlayer -
      It is not a threat if you don't install it. If you do, you are ****ed. Well, not really.
      eman297 -
      ok i have lion but i want to downgrade back to snow leopard, how do i do it?
      bftiedt -
      By the time this is done I'm sure it will be packed with a .dmg that will be pirated and when it's downloaded and run, then bam.. Trojan.
      robbpell -
      why are so many people saying its such a big deal that the user has to install it?
      YOU WIN $1,000,000 in itunes gift cards click here to redeem!

      People are stupid and if there is money to be made there will be exploitation.
      alexevo -
      What most of you saying "this is dumb because you have to install it" don't realize is you aren't going to willingly download "Trojan horse file.dmg" and install it. You're going to download some other innocuous program that you'd like to utilize and this will be inside it. Thus you won't knowingly be installing this file hence why it is called a Trojan(a la Trojan horse hiding soldiers inside it when brought inside the gates).

      The business of antivirus software is tricky because I know a few people that have worked at or currently work at antivirus software companies and they admit they have been asked covertly or have themselves thought of writing virii or trojans to sell more software, esp. for systems that normally don't have these problems(OSX, etc.).

      The fact that an antivirus company is reporting on this smells funny and I'd wait to hear further information before acting or reacting to purported threats.

      For you pirates out there(I'm not judging you, just advising) keep in mind that MP3s/AVIs/other videos/music are ENCODED and thus aren't executables which means the trojan payload can't be triggered. However, pirated software most definitely can contain this and you may wish to think twice before you download it.
      newyork0900 -
      Quote Originally Posted by mwr_allen View Post
      I know it sounds a bit lame that it has to be installed by the user but didn't the Trojan army get fooled into accepting "installing" a trick horse "trojan" from the Greeks and then got screwed? if this new Mac trojan is fooling people into installing it then it's right on the money calling it a trojan.
      This is where Torrents can cause problems. I would have thought the hacker wouldn't call it a trojan, in bright lights, but would disguise it as a "pink fluffy bunny", with a pink fluffy install screen. But I'm no hacker, so what do I know.

      Quote Originally Posted by alexevo View Post
      What most of you saying "this is dumb because you have to install it" don't realize is you aren't going to willingly download "Trojan horse file.dmg" and install it. You're going to download some other innocuous program that you'd like to utilize and this will be inside it. Thus you won't knowingly be installing this file hence why it is called a Trojan(a la Trojan horse hiding soldiers inside it when brought inside the gates).

      The business of antivirus software is tricky because I know a few people that have worked at or currently work at antivirus software companies and they admit they have been asked covertly or have themselves thought of writing virii or trojans to sell more software, esp. for systems that normally don't have these problems(OSX, etc.).

      The fact that an antivirus company is reporting on this smells funny and I'd wait to hear further information before acting or reacting to purported threats.

      For you pirates out there(I'm not judging you, just advising) keep in mind that MP3s/AVIs/other videos/music are ENCODED and thus aren't executables which means the trojan payload can't be triggered. However, pirated software most definitely can contain this and you may wish to think twice before you download it.
      Sorry just seen your post, after I had finished inputting mine.
      steve-z17 -
      Quote Originally Posted by eman297 View Post
      ok i have lion but i want to downgrade back to snow leopard, how do i do it?
      You put in the install disc (10.6.3) and re-install it! If that doesn't work then you'll need to erase your HDD and then re-install, not very fun!

      1,000th post
      rocky5 -
      I don't get this? Apple FB's ***** and slag PC for viruses all the time, yet one pops up for OSX and you all defend it like it doesn't matter. "you have to install it, you're dumb oO" it's the exact same way on windows, you need to click something to allow it to install.

      So basically soon you will see an exploit in safari that will be utilised to install this Trojan, after you click on a link or even an image.

      At some point, they will find any way to bypass the admin password or just reset it then hack the **** out of your comp, before you can do anything.

      This is just the beginning, unfortunately
      dmbsituation -
      Quote Originally Posted by rocky5 View Post
      I don't get this? Apple FB's ***** and slag PC for viruses all the time, yet one pops up for OSX and you all defend it like it doesn't matter. "you have to install it, you're dumb oO" it's the exact same way on windows, you need to click something to allow it to install.

      So basically soon you will see an exploit in safari that will be utilised to install this Trojan, after you click on a link or even an image.

      At some point, they will find any way to bypass the admin password or just reset it then hack the **** out of your comp, before you can do anything.

      This is just the beginning, unfortunately
      Thank you! Windows Vista and Windows 7 require permission to install viruses (unless UAC is turned off), but it's not like the virus says "Do you want to install virus FML?"

      People are constantly tricked into installing viruses. And many of those people were tricked into thinking macs are incapable of getting a virus. Guess they'll find that spending an extra grand on a computer didn't make as much sense as spending $50 a year for a decent AV.
      NSXrebel -
      Quote Originally Posted by rocky5 View Post
      I don't get this? Apple FB's ***** and slag PC for viruses all the time, yet one pops up for OSX and you all defend it like it doesn't matter. "you have to install it, you're dumb oO" it's the exact same way on windows, you need to click something to allow it to install.

      So basically soon you will see an exploit in safari that will be utilised to install this Trojan, after you click on a link or even an image.

      At some point, they will find any way to bypass the admin password or just reset it then hack the **** out of your comp, before you can do anything.

      This is just the beginning, unfortunately
      Quote Originally Posted by dmbsituation View Post
      Thank you! Windows Vista and Windows 7 require permission to install viruses (unless UAC is turned off), but it's not like the virus says "Do you want to install virus FML?"

      People are constantly tricked into installing viruses. And many of those people were tricked into thinking macs are incapable of getting a virus. Guess they'll find that spending an extra grand on a computer didn't make as much sense as spending $50 a year for a decent AV.

      Guess you don't know the difference between a virus and a trojan. With OSX, you can't get a virus like Windows. With Windows, all you need to do to get infected is just download an infected file, or even just sticking in an infected USB thumbdrive or other media.

      Now it has been known that there are a couple/few trojans out there for OSX, but guess what, you have to install it. By installing, I mean you have to run the file and enter your admin password. Hence why they are called trojans, you have to give it root access in order to do anything.

      Just be careful where you download stuff from, preferably reliable sources. This goes for any computer/device, regardless of what operating system you are running. A little common sense goes a long way.
      Rob2G -
      Quote Originally Posted by AkkeDaBest View Post
      There goes that advantage for macs
      The only way this is getting on a Mac is if a user installs it, and as previous poster stated if you're stupid enough to install it you deserve to have it. Apple will release a security update soon to fix it. I bet most people will get it from pirate sites.
      javiert30 -
      Wow I got an idea... install Sophos...
      Cer0 -
      If people are worried there are antivirus and security software out there for Macs. Comcast customers get Norton's security suite for free. There are several free alternatives too. I have ClamXAV just because. It catches windows virus in my mail every once in a while. So instead of me just passing it on it will take care of it.
      Money Over -
      Only an idiot would run and install it though!

      Quote Originally Posted by Rob2G View Post
      The only way this is getting on a Mac is if a user installs it, and as previous poster stated if you're stupid enough to install it you deserve to have it. Apple will release a security update soon to fix it. I bet most people will get it from pirate sites.
      Yeah they will put it in every keygen they can find
      aidanski -
      Once you go Mac, you don't go back.
      Co1d Night -
      Quote Originally Posted by alexevo View Post
      What most of you saying "this is dumb because you have to install it" don't realize is you aren't going to willingly download "Trojan horse file.dmg" and install it. You're going to download some other innocuous program that you'd like to utilize and this will be inside it. Thus you won't knowingly be installing this file hence why it is called a Trojan(a la Trojan horse hiding soldiers inside it when brought inside the gates).

      The business of antivirus software is tricky because I know a few people that have worked at or currently work at antivirus software companies and they admit they have been asked covertly or have themselves thought of writing virii or trojans to sell more software, esp. for systems that normally don't have these problems(OSX, etc.).

      The fact that an antivirus company is reporting on this smells funny and I'd wait to hear further information before acting or reacting to purported threats.

      For you pirates out there(I'm not judging you, just advising) keep in mind that MP3s/AVIs/other videos/music are ENCODED and thus aren't executables which means the trojan payload can't be triggered. However, pirated software most definitely can contain this and you may wish to think twice before you download it.

      couldn't have said it better myself. I myself make viruses and you HAVE to attach them to another program (game, picture, word document, whatever) in order for the virus to actually be executed. Or my favorite, cloak it as an actual program :P
      moon#pie -
      Quote Originally Posted by Th3_Amazing_Ath3ist View Post
      couldn't have said it better myself. I myself make viruses and you HAVE to attach them to another program (game, picture, word document, whatever) in order for the virus to actually be executed. Or my favorite, cloak it as an actual program :P
      My favorite thing to do is:

      1. Only download legit apps from legit site.
      2. Kick people like you in the nuts.
      nautical79 -
      Hope you can help me. What antivirus program are you using???