
OSX.Musminim

Posted: March 1, 2011

With the introduction of the OSX.Musminim Trojan to the wild, Mac OS X users have malware of their own to be wary of right alongside Windows users. This recent and still incomplete Trojan will taunt the user with various messages and may open websites under its own power. Because this Trojan is considered a security risk with potential spyware and remote attack applications, you shouldn't wait to delete OSX.Musminim even though its functions aren't yet fully fleshed out!

'I'm a Mac' is at Risk, Too

The OSX.Musminim Trojan is a variation on the preexisting Windows-based DarkComet Trojan and has similar functionality. Since OSX.Musminim was detected early in 2011, anti-malware products that haven't been updated recently may let OSX.Musminim through instead of identifying and deleting it. Although OSX.Musminim is based on a Windows Trojan, OSX.Musminim is specific to Mac OS X.
 
OSX.Musminim is visibly still in partial development, but the attacks reported so far include the following:

  • The opening of the following TCP ports: 7777, 7779, 7780, 7781, 7782, 9999, 10000, 10001, 10004 and 10005. Open ports allow for unauthorized traffic with the infected computer.
  • The execution of shell commands. The shell is the underlying Unix-based system beneath the visual interface of Mac OS X.
  • Websites opening spontaneously; this is a result of URLs sent by the client half of the program.
  • Imitation administrator windows. These may be used to gather passwords from duped Mac users.
  • Rebooting or shutting down the computer for no reason.
  • Creating unwanted text files on the desktop.

Most of these attacks tie in to OSX.Musminim's primary purpose as a backdoor Trojan that allows remote attackers access.
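
The port list above lends itself to a quick triage check on a Mac. The following is an added example, not part of the original write-up: it filters lsof listener output for the ports named on this page. The sample input and the function names flag_listeners and sample_lsof are constructed for illustration.

```bash
# Added example: flag TCP listeners on the ports this page lists for OSX.Musminim.
# The port list comes from the page; a match is a lead to investigate, not proof of infection.
MUSMINIM_PORTS="7777 7779 7780 7781 7782 9999 10000 10001 10004 10005"

# Reads `lsof -nP -iTCP -sTCP:LISTEN` style text on stdin and prints
# "port command pid user" for every listener bound to a listed port.
flag_listeners() {
    awk -v ports="$MUSMINIM_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $NF == "(LISTEN)" {
            addr = $(NF - 1)            # e.g. *:7777 or [::1]:9999
            k = split(addr, parts, ":")
            port = parts[k]             # text after the last colon
            if (port in watch) print port, $1, $2, $3
        }
    '
}

# Constructed sample input (not captured from a real infection).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
cupsd      88 root    6u  IPv6 0x01      0t0  TCP [::1]:631 (LISTEN)
unknown   412 alice   4u  IPv4 0x02      0t0  TCP *:7777 (LISTEN)
unknown   412 alice   5u  IPv4 0x03      0t0  TCP *:10005 (LISTEN)
python    530 alice   3u  IPv4 0x04      0t0  TCP 127.0.0.1:8000 (LISTEN)
Safari    601 alice  12u  IPv4 0x05      0t0  TCP 10.0.0.5:51000->192.0.2.10:7777 (ESTABLISHED)
EOF
}

# On a live system, pipe real output instead of the sample:
#   sudo lsof -nP -iTCP -sTCP:LISTEN | flag_listeners
if [ "${1:-}" = "--demo" ]; then
    sample_lsof | flag_listeners
fi
```

Only sockets in the LISTEN state are reported, so an outbound browser connection to a remote port 7777 is ignored. Legitimate software can also listen on some of these ports, so check the owning process and its path before acting.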

The Most Obvious Warning Sign of All

The criminal mind behind OSX.Musminim has also exhibited some cockiness in his or her programming, as the Trojan also incorporates the use of brazen messages like these:
 
'I am a Trojan Horse, so I have infected your Mac Computer'
'I know, most people think Macs can't be infected, but look, you ARE infected!'
'I have full controll over your Computer and I can do everything I want, and you can do nothing to prevent it.'
'So, I’m a very new Virus, under Development, so there will be much more functions when I’m finished'

 
Once these messages are complete, the only option for the user is to reboot the computer. As a burgeoning danger for Mac users everywhere, this Trojan shouldn't be overlooked as a serious security risk.

MusMinim has recently evolved, turning its capabilities into an aggressive scam. MusMinim is able to trick the user of an infected system into giving up administrative login credentials. This is usually performed through a pop-up 'administrator password' window. The hackers in control of MusMinim may use the login information to take control of the infected system, from which phishing and spam emails can then be sent.

Deleting OSX.Musminim, also known as 'BlackHole RAT,' should be taken as one's foremost duty whenever a computer is harassed by OSX.Musminim.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %temp%\[RANDOM CHARACTERS]

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"