Discovered back in 2010, BlackHole RAT is one of the largest security threats that affects macOS, Mac OS X, or Windows. At one point, in the not-so-distant past, Mac users touted the fact that there were no known viruses or trojans for the Mac platform…unlike the countless viruses and trojans that affect Windows. Additionally, a Java-based Trojan targeting Mac OS X spread through social networking sites by baiting users into clicking a link. Now with trojans discovered, Mac users (especially those who have recently migrated from Windows) may wonder if their favorite platform is still secure.
BlackHole RAT (and other Trojans) allows a remote attacker to do the following:
- Execute shell commands
- Shutdown, restart or put your computer to sleep
- Displays a message on your computer
- Creates text files on your desktop
- Prompts for admin credentials
Mac Security and Social Engineering
In many ways, BlackHole RAT is the poster child for the state of security on the Mac platform. Although some companies may have talked up the threat that this particular Trojan poses, the facts are far less thrilling…or threatening.
To begin with, this particular trojan relies on a good deal of “social engineering” to gain access to a machine. “Social engineering” is a term used to describe the act of maneuvering an individual into divulging sensitive information, or performing some action, as opposed to using computing brute force to access the same information.
In the case of this trojan, it attempts to trick the user into believing it is a legitimate application. Once installed, the trojan delivers its payload, consisting of opening web pages, remotely executing shell commands, creating text files, and instructing the machine to sleep, shutdown and restart. The most dangerous action this trojan is capable of is popping open a fake Administrator Authorization Window, prompting the user to enter their Administrator credentials. This action results in a compromised system.
As mentioned, however, this trojan is a poster child of Mac security, due to it only being as dangerous as an individual allows it to be. Although BlackHole RAT is not in the wild, trojans such as this one are usually distributed via pirated software sites and torrent sites. Avoiding pirated software, malicious websites, and handling suspicious email attachments carefully keep a Mac safe.
If a user wants to be extra careful, they can install an anti-virus program. Although this is certainly not necessary at this point, it may give some individuals extra peace of mind. ClamXAV (a front-end for the open source ClamAV), by Mark Allen, is a good free choice, as is Sophos Anti-Virus Home Edition. Both programs offer various background scanning options to ensure maximum protection.
Although the day may come when malware writers find ways to infect Macs, todayʼs viruses and trojans require too much “assistance” from the user to be threatening. BlackHole RAT is a no exception.