Security firm Sophos has identified a new Trojan horse circulating that targets Apple’s Mac OS X platform, dubbing it OSX/MusMinim-A, after the malware’s apparent author. Although users still have to be tricked into downloading the Trojan—and the software currently claims it’s not finished and that more features are coming—the malware can run arbitrary Unix shell commands, shut down and restart the computer, put files on the desktop, and phish for users’ administration passwords. Sophos categorized the risk from the malware as low—and notes that its antivirus software can correctly detect and remove it—although the appearance of new malware targeting Mac OS X may re-ignite debates over the platform’s security.
Apple’s Macintosh platform hasn’t had a serious threat from viruses since the early 1990s, while Microsoft’s Windows platforms have been engaged in a constant state of war with malware, worms, viruses, and security exploits for decades. Many security experts point out this has more to do with the economics of the malware industry than anything inherently more secure about the Macintosh platform: it simply hasn’t been worth virus-writers’ time to target Mac OS X because Apple’s market share has been low enough that it wasn’t an appealing target. However, as Apple’s fortunes have climbed to stratospheric heights on the success of the iPhone and iPad, Macintosh sales have also increased—and many have expected malware authors to take notice of the platform.
The fact the Mac hasn’t had to deal with a significant malware threat in so long has also created a culture of complacency amongst Macintosh users, many of whom believe the Mac is somehow magically immune to malware—even experts don’t bother with antivirus software because, for the time being, there really isn’t anything for it to do. Nonetheless, most security researchers agree Mac OS X’s built-in security technologies are well behind other platform, although Apple has just invited security researchers to look at its forthcoming Mac OS X 10.7 “Lion.”
According to Sophos, the Trojan (which calls itself Blackhole RAT, no relation to Michaël Fortin’s Black Hole wipedown software) is a variation on the darkComet remote access trojan (RAT) for Windows. Like all Trojan horses, the OSX/MusMinim-A malware needs to be executed by the user to affect a user’s machine; the most common distribution methods for Trojans are sites offering pirated software and other items that users expect to have to install on their computers.
