Intego Discovers New, Improved BlackHole RAT Variant
Posted on by Peter James
We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. At the time, this was a non-event, as it was not being distributed in any efficient manner, and was more or less a proof of concept. Intego’s security researchers have spotted a new variant of this malware, OSX/BlackHoleRAT.B, which features some improvements over the original, but is still not a very serious threat.
The RAT backdoor is in a faceless background application named “Safari.app,” like the Safari web browser. In addition to the backdoor in the original version, this variant also contains a binary called “isightcapture” that can take screenshots and photos using a Mac’s iSight camera and send them to remote servers. Beyond these improvements, the risk from this variant is still low. It is not found in the wild, and, while there are improvements, there is no efficient Trojan horse available. (The developer of this software claims there will be one named “Adobe CS5 Master Suit Crack,” presumably disguised as a tool to crack Adobe CS5.)
So, for now, still nothing to worry about, but it’s good to be aware that there are hackers out there trying hard to get into Macs.
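The traits described above (a faceless background application named “Safari.app” that carries a binary called “isightcapture”) can be turned into a local check for look-alike bundles. The following is an added example, not Intego's code or detection logic: the function names are hypothetical, the sample bundles are constructed, and it assumes the faceless trait is declared through the standard `LSUIElement` or `LSBackgroundOnly` Info.plist keys and that a genuine Safari reports the bundle identifier `com.apple.Safari`.

```python
import plistlib
import tempfile
from pathlib import Path

APPLE_SAFARI_ID = "com.apple.Safari"  # bundle identifier of Apple's real Safari

def inspect_bundle(app: Path) -> list:
    """Return the reasons an .app bundle matches the traits described in the post."""
    try:
        info = plistlib.loads((app / "Contents" / "Info.plist").read_bytes())
    except Exception:  # missing or malformed plist: treat as empty
        info = {}
    if not isinstance(info, dict):
        info = {}
    # Assumption: the "faceless background" trait is declared with these keys.
    faceless = any(str(info.get(k, "")).lower() in ("1", "true", "yes")
                   for k in ("LSUIElement", "LSBackgroundOnly"))
    reasons = []
    if app.name == "Safari.app":
        if faceless:
            reasons.append("faceless background app named Safari.app")
        if info.get("CFBundleIdentifier") != APPLE_SAFARI_ID:
            reasons.append("Safari.app without Apple's bundle identifier")
    if any(p.is_file() and p.name == "isightcapture" for p in app.rglob("*")):
        reasons.append("contains a binary named isightcapture")
    return reasons

def scan(root: Path) -> dict:
    """Map each flagged .app bundle under root to its list of findings."""
    found = {}
    for app in root.rglob("*.app"):
        if app.is_dir() and (reasons := inspect_bundle(app)):
            found[str(app.relative_to(root))] = reasons
    return found

def build_constructed_samples(root: Path) -> None:
    """Create two constructed bundles: a look-alike and a benign Safari."""
    def make(rel, plist, extra=None):
        contents = root / rel / "Contents"
        (contents / "MacOS").mkdir(parents=True)
        (contents / "Info.plist").write_bytes(plistlib.dumps(plist))
        if extra:
            (contents / "MacOS" / extra).write_bytes(b"")
    make("Downloads/Safari.app",
         {"CFBundleIdentifier": "example.constructed.id", "LSUIElement": True},
         "isightcapture")
    make("Applications/Safari.app", {"CFBundleIdentifier": APPLE_SAFARI_ID})

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_constructed_samples(Path(d))
        for path, why in scan(Path(d)).items():
            print(path, "->", "; ".join(why))
```

A bundle identifier is just a string in a plist and can be copied, so a clean result here is not proof of authenticity; on a Mac, follow up on any Safari.app outside its expected location with `codesign --verify`.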