The new Trojan is known as the Black Hole RAT (remote administration tool) and is capable of giving a remote attacker virtually complete control of an infected machine. It’s not clear right now whether the tool includes any exploits for OS X to help attackers install it on Macs, but in many cases malware tools like Black Hole are distributed via download sites or torrent sites, as researchers at Sophos noted.
The Black Hole RAT seems to be in beta form right now, and has some fairly rudimentary capabilities, according to an analysis by Meths Cebrian Ferrer, a researcher in Australia who follows Mac malware. The tool enables the attacker to remotely shut down an infected machine, display a full-screen message that gives the user no choice but to reboot the computer, request admin privileges through a fake dialog box or open the user’s browser.
The full-screen message that the Black Hole RAT displays tells the user that the tool has infected her machine and the user has no control over its actions.
“Hello, I’m the BlackHole Remote Administration Tool. I am a Trojan horse, so I have infected your Mac computer,” the message reads. “I know, most people think macs can’t be infected, but look you ARE infected. I have fill controll [sic] over your computer and I can do everything that I want and you can do nothing to prevent it. So, I’m a very new virus, under development, so there will be much more functions when I’m finished. But for now, it’s ok what I can do. To show you what I can do, I will reboot your computer after you have clicked the button right down.”
Although this Trojan targets the Mac platform, it doesn’t seem to use any Mac-specific exploits for infecting machines. Instead, it’s likely to piggyback on a download, a tactic attackers also commonly use to plant Windows malware.