
RAT for Mac

RAT for Mac?

With so many RATs (Remote Administration Tools) available for Windows, people wonder whether there is a good and useful RAT for Mac as well.

The search and discussion on this topic go on and on; at one point an online poll favored continuing the development.

A useful description of RATs that work on OS X can be found here.

The most recent/updated development is HellRaiser version 4.2, coded by DCHKG, an underground Mac programming team.

HellRaiser includes a configuration component, where the remote controller can specify the server parameters.

The server component is the application distributed to the target OS X user. It requires manual execution to install and enable the server to run in the background (hidden from the Dock). Once successful, the server component (or the slave) will report back to the master as shown below.

This is the same version that Intego recently discovered in the wild, disguised as an iPhoto installer.

How would I know if the HellRaiser server is installed/running?

Option 1: Open Network Utility and Activity Monitor (in /Applications/Utilities/) and kill the process.

Option 2: Open Terminal and type lsof -i (this lists running processes and their matching network/internet connections). Look for a dubious name and internet connection, take note of the PID, and in Terminal type kill -9 <PID> (this will kill the process).

If you’re using a Mac security scanner, now is the best time to check for a signature update! (Most vendors detect this as OSX HellRTS.)
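The lsof check in option 2, as an added example that is not part of the original post: a shell filter over lsof -i -n -P output that lists TCP listeners and established connections owned by processes missing from a local allowlist. The allowlist, the process name UnknownAp and every PID and address in the sample are constructed assumptions, not HellRaiser indicators.

```shell
#!/bin/sh
# Triage `lsof -i -n -P` output: show TCP sockets in LISTEN or ESTABLISHED
# state whose owning process is not on a local allowlist.

# Assumption: process names you expect to see on the network on this Mac.
ALLOWLIST="mDNSResponder Safari launchd"

# Constructed sample in lsof's column layout (not captured from a real host).
# lsof truncates COMMAND to 9 characters by default, hence "mDNSRespo".
sample_lsof() {
cat <<'EOF'
COMMAND     PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mDNSRespo    35  _mdns  10u  IPv4 0x01      0t0  UDP *:5353
Safari      412  alice  22u  IPv4 0x02      0t0  TCP 192.0.2.10:49201->198.51.100.7:443 (ESTABLISHED)
UnknownAp   733  alice   5u  IPv4 0x03      0t0  TCP *:50505 (LISTEN)
UnknownAp   733  alice   7u  IPv4 0x04      0t0  TCP 192.0.2.10:49310->203.0.113.9:50505 (ESTABLISHED)
EOF
}

# Reads lsof output on stdin; prints "PID COMMAND ENDPOINT STATE" per hit.
unlisted_sockets() {
  awk -v allow="$ALLOWLIST" '
    BEGIN {
      # Compare on the first 9 characters so truncated names still match.
      n = split(allow, a, " ")
      for (i = 1; i <= n; i++) ok[substr(a[i], 1, 9)] = 1
    }
    $1 == "COMMAND" { next }                 # skip the header row
    {
      state = $NF                            # TCP rows end with "(STATE)"
      if (state != "(LISTEN)" && state != "(ESTABLISHED)") next
      name = substr($1, 1, 9)
      if (name in ok) next
      print $2, $1, $(NF - 1), state
    }'
}

# Unique PIDs to inspect (for example with `lsof -p <PID>`) before any kill.
unlisted_pids() {
  unlisted_sockets | awk '{ print $1 }' | sort -u
}

# Run against the live system with --live, otherwise against the sample.
if [ "${1:-}" = "--live" ]; then
  lsof -i -n -P | unlisted_sockets
else
  sample_lsof | unlisted_sockets
fi
```

Recording the executable path behind a flagged PID before running kill -9 preserves what is needed to remove the installed copy afterwards.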

  1. September 16, 2010 at 11:38 am
