BlackHole RAT is Really No Big Deal

Posted on February 28th, 2011 by

iThreats recently published information about a new remote administration tool, and other sites are presenting this as a serious new threat to the Mac. Actually, this is hardly a threat at all. This tool, BlackHole, has to be installed on a Mac, generally via a Trojan horse, and, while it offers simple functions to control a Mac, merely having shell (Terminal) access is more than enough to do so. A RAT, or remote administration tool (and not a “remote access Trojan,” as one site claims), such as this is designed to simplify the tasks of a malicious user who wants to control an infected computer, but in most cases, the people who are infecting Macs will be able to do all of this with a simple ssh connection using Terminal.

Backdoors are relatively easy to install once you get a user to install a Trojan horse. A remote administration tool is not in itself a threat; it requires that a backdoor be installed, and this in turn requires an effective payload from a Trojan horse or other means of installation. While Intego will be detecting and blocking BlackHole in its threat filters, we do not consider this a serious risk.