New Backdoor Trojan Targets Windows and Mac OS X

Paul Lilly

Security firm Sophos has discovered a modified variant of the well known darkComet Remote Access Trojan (RAT) that not only affects Windows PCs, but the Mac OS X platform too. Interestingly enough, the nefarious Trojan readily admits it's not yet finished, which could be indicative of more underground programmers finally taking notice of Mac's increased market share. In its current form, Sophos senior security adviser, Chester Wisniewski, describes the Trojan as "very basic" in nature with a mix of English and German in the UI.

Infected Macs display the grammatically challenged message:

"I am a Trojan Horse, so i have infected your Mac Computer. I know, most people thnk Macs can't be infected, but look, you ARE Infected! I have full control over your Computer and i can do everything I want, and you can do nothing to prevent it. So, I'm a very new Virus, under Development, so there will be much more functions when im finished."

Functions of this specific Trojan include the ability to place text files on the desktop; send a restart, shutdown, or sleep command; run arbitrary shell commands; place a full screen window with a message that only allows you to click reboot; send URLs to the client to open a website; and pop up a fake 'Administrator Password' window to phish the target, Sophos says.

Wisniewski notes that Trojans like BlackHole RAT are often distributed through pirated software downloads and torrent sites.

Around the web