
Bella RAT

Posted: September 8, 2020

The Bella RAT is a threatening piece of malware that its author has crafted specifically to work on macOS systems. The threat is written in the Python programming language, and it boasts a wide range of features that work even if the attacker does not have root-level permissions. If, however, the Bella RAT manages to gain administrator permissions on the compromised host, it will be able to cause even more mayhem. One of the scariest things about the Bella RAT is that its source code has been publicly available since 2017 on a public GitHub page, which means that just about any wannabe cybercriminal can fetch it and employ the Bella RAT in an attack against macOS users.

Users who run an up-to-date version of macOS are unlikely to suffer much from a potential Bella RAT attack because the operating system has patched multiple vulnerabilities that Remote Access Trojans used to exploit. However, using an outdated version of Apple's operating system may enable the Bella RAT to cause a lot of trouble: it looks for particular exploits that would allow it to gain root permissions, thereby granting the attacker full access to the compromised system. The best way to stay safe from a potential Bella RAT attack is to use a reputable anti-virus tool for macOS and to avoid interacting with random online content.

Bella RAT Boasts a Long List of Features Compared to Other macOS RATs

According to Bella RAT's official source code page on GitHub, the Trojan has the following primary abilities:

  • Download and run files from a URL address or upload files from the control server.
  • Open a reverse shell.
  • Display a fake system prompt that tries to phish for the user's login credentials.
  • Record via the microphone.
  • Extract iCloud Tokens.
  • Extract passwords from Google Chrome.
  • Collect browser history from Safari and Google Chrome.

If the Bella RAT manages to gain root permissions, it will be able to perform the following tasks on top of the ones listed above:

  • Hijack network traffic and redirect it through the Command and Control server. This enables the attacker to execute a Man-in-the-Middle (MitM) attack.
  • Turn the keyboard and mouse on or off.
  • Obtain access to the operating system even if users put their computers to sleep or close their laptops.

One of the largest campaigns to include the Bella RAT dates back to 2017, when malware researchers noticed that the Dok macOS malware brought copies of an unknown Python RAT that was later identified as the Bella RAT.
