Discovered on December 21, 2010, BlackHole RAT is the latest security threat that can affect OS X users. At one point, in the not-so-distant past, Mac users could tout the fact that there were no known viruses or trojans for the Mac platform…unlike the countless viruses and trojans that affect Windows. Last October, a Java-based Trojan targeting Mac OS X spread through social networking sites by baiting users into clicking a link. Now with two trojans discovered in 2010 alone, Mac users (especially those who have recently migrated from Windows) may wonder if their favorite platform is still secure.
In many ways, BlackHole RAT is the poster child for the state of security on the Mac platform. Although some companies may have talked up the threat that this particular trojan poses, the facts are far less thrilling…or threatening.
To begin with, this particular trojan relies on a good deal of “social engineering” to gain access to a machine. “Social engineering” is a term used to describe the act of maneuvering an individual into divulging sensitive information, or performing some action, as opposed to using computing brute force to access the same information.
This trojan attempts to trick the user into believing it is a legitimate application. Once it is installed, the trojan delivers its payload, consisting of opening web pages, remotely executing shell commands, creating text files, and instructing the machine to sleep, shut down and restart. The most threatening action this trojan is capable of is popping open a fake Administrator Authorization Window, prompting the user to enter their Administrator credentials. This would, of course, result in the system being compromised.
As mentioned, however, this trojan is really a poster child of Mac security, because it is only as dangerous as an individual allows it to be. Although BlackHole RAT has not been seen in the wild, trojans such as this one are usually distributed via pirated software sites and torrent sites. Avoiding pirated software and malicious web sites, and handling suspicious email attachments carefully, should be all that is required to keep a Mac safe.
If a user wants to be extra careful, they can install an anti-virus program. Although this is certainly not necessary at this point in time, it may give some individuals extra peace of mind. ClamXAV (a front-end for the open source ClamAV), by Mark Allen, is a good free choice, as is Sophos Anti-Virus Home Edition. Both programs offer various background scanning options to ensure maximum protection.
Although the day may come when malware writers find ways to effectively infect Mac OS X machines, in their current incarnation, today's viruses and trojans require too much “assistance” from the user to be truly threatening. BlackHole RAT is no exception.