{"id":2467,"date":"2011-03-30T17:36:47","date_gmt":"2011-03-31T00:36:47","guid":{"rendered":"http:\/\/blog.intego.com\/?p=2467"},"modified":"2016-02-12T10:00:53","modified_gmt":"2016-02-12T18:00:53","slug":"intego-discovers-new-improved-blackhole-rat-variant","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/","title":{"rendered":"Intego Discovers New, Improved BlackHole RAT Variant"},"content":{"rendered":"<p>We reported on a barely-threatening <a href=\"https:\/\/www.intego.com\/mac-security-blog\/black-hole-rat-is-really-no-big-deal\/\">remote administration tool, called BlackHole RAT<\/a>, in late February. At the time, this was a non-event, as it was not being distributed in any efficient manner, and was more or less a proof of concept. Intego&#8217;s security researchers have spotted a new variant of this malware, OSX\/BlackHoleRAT.B, which features some improvements over the original, but is still not a very serious threat.<\/p>\n<p><center><br \/>\n<img loading=\"lazy\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png\" alt=\"\" title=\"blackhole-client\" width=\"402\" height=\"343\" class=\"aligncenter size-full wp-image-2397\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png 402w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1-300x255.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1-100x85.png 100w\" sizes=\"(max-width: 402px) 100vw, 402px\" \/><br \/>\n<\/center><\/p>\n<p>The RAT backdoor is in a faceless background application named &#8220;Safari.app,&#8221; like the Safari web browser. 
In addition to the backdoor in the original version, this variant also contains a binary called &#8220;isightcapture&#8221; that can take screenshots and photos using a Mac&#8217;s iSight camera and send them to remote servers. Beyond these improvements, the risk of this is still low. It is not found in the wild, and, while there are improvements, there is no efficient Trojan horse available. (The developer of this software claims there will be one named &#8220;Adobe CS5 Master Suit Crack,&#8221; presumably disguised as a tool to crack Adobe CS5.)<\/p>\n<p>So, for now, still nothing to worry about, but it&#8217;s good to be aware that there are hackers out there trying hard to get into Macs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. At the time, this was a non-event, as it was not being distributed in any efficient manner, and was more or less a proof of concept. Intego&#8217;s security researchers have spotted a new variant of this malware, OSX\/BlackHoleRAT.B, which features some [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[2719,86],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. 
At the time, this was a non-event, as it was not\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Intego Discovers New, Improved BlackHole RAT Variant - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. At the time, this was a non-event, as it was not\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2011-03-31T00:36:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-02-12T18:00:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png\",\"width\":\"402\",\"height\":\"343\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/\",\"name\":\"Intego Discovers New, Improved BlackHole RAT Variant - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#primaryimage\"},\"datePublished\":\"2011-03-31T00:36:47+00:00\",\"dateModified\":\"2016-02-12T18:00:53+00:00\",\"description\":\"We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. 
At the time, this was a non-event, as it was not\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Intego Discovers New, Improved BlackHole RAT Variant\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"Intego Discovers New, Improved BlackHole RAT Variant\",\"datePublished\":\"2011-03-31T00:36:47+00:00\",\"dateModified\":\"2016-02-12T18:00:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#webpage\"},\"wordCount\":207,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png\",\"keywords\":[\"BlackHole 
RAT\",\"Malware\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. At the time, this was a non-event, as it was not","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/","og_locale":"en_US","og_type":"article","og_title":"Intego Discovers New, Improved BlackHole RAT Variant - The Mac Security Blog","og_description":"We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. 
At the time, this was a non-event, as it was not","og_url":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/","og_site_name":"The Mac Security Blog","article_published_time":"2011-03-31T00:36:47+00:00","article_modified_time":"2016-02-12T18:00:53+00:00","og_image":[{"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png","width":"402","height":"343"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/","name":"Intego Discovers New, Improved BlackHole RAT Variant - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#primaryimage"},"datePublished":"2011-03-31T00:36:47+00:00","dateModified":"2016-02-12T18:00:53+00:00","description":"We reported on a barely-threatening remote administration tool, called BlackHole RAT, in late February. 
At the time, this was a non-event, as it was not","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Intego Discovers New, Improved BlackHole RAT Variant"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Intego Discovers New, Improved BlackHole RAT Variant","datePublished":"2011-03-31T00:36:47+00:00","dateModified":"2016-02-12T18:00:53+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#webpage"},"wordCount":207,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2011\/02\/blackhole-client1.png","keywords":["BlackHole 
RAT","Malware"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/intego-discovers-new-improved-blackhole-rat-variant\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-DN","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/2467"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=2467"}],"version-history":[{"count":1,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/2467\/revisions"}],"predecessor-version":[{"id":50128,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/2467\/revisions\/50128"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=2467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\
/wp-json\/wp\/v2\/categories?post=2467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=2467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}