
RAT ‘BlackHole’

‘BlackHole’ is the latest remote administration tool (RAT) and is available for both Windows and Mac.

A hacktool such as this RAT uses a client-server model: the operator communicates with the victim’s machine through a trojan server. The server application is installed on the victim’s machine, while the client application runs on the managing side.

The version number suggests that ‘BlackHole’ is still at an early stage. However, its author has already begun showcasing the following functionality:

  • Remote execution of shell commands.
  • Opens a web page in the user’s default browser.
  • Sends a message that is displayed on the victim’s screen.
  • Creates a text file.
  • Can shut down, restart or put the machine to sleep.
  • Can request admin privileges.

It is also able to block the user’s screen with a message; please refer to the image.

Be wary of a possible backdoor infection. Report any suspicious application, especially if it is communicating with an unknown or unfamiliar remote server.

Note: While checking the client-server capability, I thought it would be useful to capture a video for reference. (Recommended screen resolution: 720p HD.)
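One way to act on the advice above (a RAT’s server component holds a connection back to its operator, and the process is visible, so it can be found and terminated), as an added example that is not part of the original post: a small POSIX shell filter over `lsof -nP -iTCP -sTCP:ESTABLISHED` output that lists processes with established connections to remote endpoints not on a known-good allowlist. The allowlist addresses and the sample lsof lines are constructed placeholders, and the lsof column layout (NAME in the ninth field) is assumed.

```shell
#!/bin/sh
# Added example: flag processes holding established TCP connections to
# remote endpoints that are not on a known-good allowlist. Input is the
# output of `lsof -nP -iTCP -sTCP:ESTABLISHED` (macOS/BSD lsof column
# layout assumed), read from stdin. Prints "<command> pid=<pid> -> <remote>".

# Allowlist of host:port endpoints. Placeholder documentation-range values;
# populate from the servers your own applications are known to use.
ALLOWLIST="${ALLOWLIST:-198.51.100.10:443 192.0.2.20:993}"

flag_unfamiliar() {
    awk -v allow="$ALLOWLIST" '
    BEGIN {
        n = split(allow, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "COMMAND" { next }                 # lsof header line
    $9 ~ /->/ {                              # NAME field: local->remote
        split($9, ends, "->")
        remote = ends[2]
        host = remote
        sub(/:[0-9]+$/, "", host)            # drop the port, keep IPv4/[IPv6]
        # Loopback connections are local inter-process traffic; skip them.
        if (host == "127.0.0.1" || host == "[::1]") next
        if (!(remote in ok))
            printf "%s pid=%s -> %s\n", $1, $2, remote
    }'
}

# Constructed sample lsof output (not a real capture) for a stand-alone run:
# a browser talking to an allowlisted server, a loopback connection, and a
# process named "server" holding a connection to an unlisted remote endpoint.
SAMPLE='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    412 alice   12u  IPv4 0x1a2b      0t0  TCP 192.168.1.5:52311->198.51.100.10:443 (ESTABLISHED)
java      555 alice    8u  IPv4 0x5e6f      0t0  TCP 127.0.0.1:60111->127.0.0.1:8080 (ESTABLISHED)
server    987 alice    3u  IPv4 0x3c4d      0t0  TCP 192.168.1.5:49152->203.0.113.7:1337 (ESTABLISHED)'

# Run the filter over the sample; on a live host use:
#   lsof -nP -iTCP -sTCP:ESTABLISHED | flag_unfamiliar
demo_suspects() {
    printf '%s\n' "$SAMPLE" | flag_unfamiliar
}

demo_suspects
```

A flagged process is a lead, not a verdict: confirm what the binary is and who it talks to before terminating it with Activity Monitor or `kill`.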

  1. Logan Smith
    March 7, 2011 at 6:18 pm

    If you got this trojan, how do you know how to completely remove this malicious virus from the Mac so that it is safe?


    I’m not following how the virus is able to hijack the Admin password dialogue. Isn’t this a security feature on Mac OS X that is required in order for anything to be installed in the first place?

    • March 9, 2011 at 12:48 am

      It does not have a stealth feature, so you can search for and terminate the process using Activity Monitor.

      In regard to your next question, you are right: the Admin password dialogue is designed as a security feature on Mac OS X to prevent or reduce the risk of executing unwanted applications. However, the same feature is vulnerable to a spoofing attack, whereby any unwanted application that has been installed can perform social engineering; this is done to achieve privilege escalation by invoking the Mac OS X authorization services.

    • March 9, 2011 at 4:51 pm

      Logan wrote:

      >> If got this trojan, how do you know how to completely remove this malicious virus
      >> from the Mac so it is now safe?

      Hey Logan,

      Now that Sophos knows about it, it should be addressed if you’re running their free & nicely done Anti-Virus package for Mac OS.

  2. cam
    March 22, 2011 at 2:31 am

    Is it safe to download this? Or would the hacker who made it put a virus on it? It sounds like a pretty cool thing to use.

  3. July 19, 2011 at 11:09 am

    This is not, in most cases, a problem with OS X itself or even Apple (as many people say), but with people themselves and third-party applications. As you know, OS X is built on BSD (the most secure system), but also (by default) all integration into the system has to be done with the admin password. People most of the time don’t read this information. On the other hand, there is also a problem with holes in Firefox and Adobe products, which Apple doesn’t monitor.

    So in my opinion phrases like “35 viruses/trojans” or “10000 viruses/trojans” are useless, because it’s always a problem with other applications and users.

    Read my blog > Mac and Viruses

