A Remote Access Trojan (RAT) for Windows, known as darkComet, has been ported to Mac OS X. The new backdoor Trojan is not yet finished, but it could be indicative of more underground programmers attempting to take advantage of Apple's growing market share. Here is an excerpt of the default text that the malware displays in the full screen window with the reboot button, courtesy of Sophos:
I am a Trojan Horse, so i have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full controll over your Computer and i can do everything I want, and you can do nothing to prevent it. So, Im a very new Virus, under Development, so there will be much more functions when im finished.
The author of the Trojan refers to it as the BlackHole RAT, while security experts are calling it OSX/MusMinim-A, or MusMinim for short. "Black Hole" is already used by Irradiated to name a legitimate Mac security application which removes potentially sensitive information such as recently-used file lists, data left in the clipboard, and so on. MusMinim appears to have a mix of German and English in its user interface, as well as these functions:
- Placing text files on the desktop
- Sending a restart, shutdown or sleep command
- Running arbitrary shell commands
- Placing a full screen window with a message that only allows you to click reboot
- Sending URLs to the client to open a website
- Popping up a fake "Administrator Password" window to phish the target
Starting late last year, Sophos has been pushing its free antivirus for Mac. The security company insists the numbers show malware is an increasing issue on the platform.