Sophos warns of Mac OS X backdoor Trojan

by Dave Neal

28 Feb 2011

Security firm Sophos has uncovered a backdoor Trojan aimed at the Mac OS X operating system. The hack is unfinished and only in beta, but could threaten an operating system that many users believe to be inherently more secure than its rivals.

Chester Wisniewski, senior security advisor at Sophos Canada, said that the malware may point to a new trend among "underground hackers" seeking to capitalise on the increasing popularity of Mac computers.

"As even the malware itself admits, it is not yet finished, but it could be indicative of more underground programmers taking note of Apple's increasing market share," he explained in a blog post.

"SophosLabs analysed the sample we received and determined that it is a variant of a well-known Remote Access Trojan for Windows known as darkComet. The author refers to it as the 'BlackHole RAT.' Sophos refers to it as OSX/MusMinim-A, or 'MusMinim' for short."

Wisniewski said that the attack is basic, and could be more of a nuisance than a catastrophe depending on how it is tackled.

The Trojan places text files on the desktop, sends URLs to the client to open a web site and uses pop-ups to try to phish users.

The malware also requests a reboot, and presents the following message: "I am a Trojan Horse, so I have infected your Mac Computer. I know, most people think Macs can't be infected, but look, you ARE Infected! I have full control over your Computer and I can do everything I want, and you can do nothing to prevent it."

Wisniewski said that the best protection is to stay on top of security administration and patching. He added that the Trojan could be distributed through pirated software or torrent sites.
