I Smell a RAT

Back in February, the Apple world was rocked by the announcement of a Trojan called BlackHole RAT (Remote Access Trojan) that could allow someone to access a machine remotely, without the knowledge or permission of the user. (Okay, so maybe “rocked” is an exaggeration; more likely a couple of people yawned and clicked through to the next article.) A report came out today that BlackHole RAT has been updated to 2.0. In addition to the standard backdoor access, it can now run remote commands and put up a fake password prompt that forwards your administrator password to the attacker. Most of the time, the announcement of a Trojan on Mac OS X doesn’t upset anyone because, unlike a virus that spreads on its own, a Trojan has to be installed by the user, and who would do something like that?

The term “Trojan” comes from the tale of the Trojan Horse: During the Trojan War, Greek soldiers left a giant wooden horse outside the gates of Troy, which the people brought into the city as a victory trophy. That night, Greek soldiers hidden inside the horse opened the city gates to allow the rest of the Greek army inside. This is in essence how a Trojan works on your computer: you install an application that appears to be one thing, but it carries hidden code (called a “payload”) that does something unexpected and usually harmful. Trojan Horse programs tend to make more news on Windows systems, since a larger percentage of computer users are running Microsoft’s OS. Most hackers go for the largest return on their time, which usually means Windows users. On a Mac, it’s harder to infect the operating system, but it is still possible if you don’t practice “safe surfing.” (I know the term sounds silly, but really, it’s true.) Key point: watch what you install.

While viruses and worms spread on their own (as e-mail attachments or through exposed network services), a Trojan rides inside another program that you choose to run. More often than not, Trojans are attached to “pirated” software. Here is a typical scenario: you find a copy of Microsoft Office:mac 2011 on the Internet, and it comes with a “serial crack” (a program that generates a serial number so you can activate the software without paying for it). You run the serial number generator, it prompts you for your password, and then it gives you a bogus serial number, which you enter into Office. Wow, you just got a $190 program for free!

A few days later, your friends tell you that they are receiving spam from your e-mail address. You try to log into your mail to check, but your password doesn’t work. Frustrated, you go to Facebook to post about it, except you can’t log into your page anymore, and all your pictures are gone. Later, you try to buy groceries, but your credit card is declined. Checking your statement online, you find that someone bought a widescreen television and several iPads from Best Buy in some state you’ve never been to. Then the realization hits: you’ve been hacked. That serial number generator you ran had a program attached that allowed someone to grab all your personal information, so now everything you had on your computer, including your passwords and bank account information, is being used by someone else. You might think, “But I have a Mac, this can’t happen!” Remember that any program that installs itself into the system, rather than just into your own account, needs your administrator password, and when the serial number generator asked for it, you happily typed it in.

This is not intended to be a sermon reminiscent of “don’t copy that floppy.” It does, however, illustrate how even a computer as secure as a Mac can still be “hacked.” It’s akin to giving a stranger your keys and then wondering what happened to your car. Best way to prevent this? Watch what you install. As I have said in previous articles, don’t install “warez,” a generic term for commercial software that you did not pay for. If you see programs claiming to remove copy protection, or fake “serialz” or “cracks,” avoid them. Most of the time they do what they claim, but there is no way to know what else they do until it’s too late. Sophos has a free scanner that can catch known Trojans of this kind, but really, the best protection is to just not go there. If you don’t want to get mugged, don’t go down a dark alley at night. If you don’t want your data to get mugged, stay out of the dark alleys of the Internet.