A new backdoor Trojan virus that targets Mac OS X has emerged, Sophos reports. SophosLabs analyzed the sample we received and determined that it is a variant of a well-known Remote Access Trojan (RAT) for Windows known as darkComet. The author of the Trojan refers to it as the 'BlackHole RAT', as you can see from the screenshots, but Sophos calls it OSX/MusMinim-A, or 'MusMinim' for short.
MusMinim is very basic and there appears to be a mix of German and English in the user interface but its development shows that the era of infallibility for Mac is cooing to an end. Another widely seen example is the RSPlug.A trojan which has been in the wild for quite sometime, which purports to be a plugin required to view a video file but modifies the DNS settings, redirecting users to malicious websites.
Its functions include:
- Placing text files on the desktop
- Sending a restart, shutdown or sleep command
- Running arbitrary shell commands
- Placing a full screen window with a message that only allows you to click reboot
- Sending URLs to the client to open a website
- Popping up a fake "Administrator Password" window to phish the target
Sophos notes that its Anti-Virus for Mac Home Edition, which is a free download, identifies and removes the virus. You should probably run it, just to make sure you're not infected.