Computer security firm Intego has identified a potential malware threat for Mac OS X. Named HellRTS, the code “opens a backdoor that allows remote users to take control of infected Macs and perform actions on them,” according to the report. The memo describes the possible effects of the malware:
HellRTS, built in RealBasic, and a Universal Binary able to run on both PowerPC- and Intel-Based Macs, is able to perform a number of operations if installed on a Mac. It sets up its own server and configures a server port and password. It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac. It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more.
The risk associated with the HellRTS code is described as low, as it requires physical installation on a Mac. There are no cases of infection in the wild; however, the code is being distributed on a number of forums and may be used to attack Macs in the future. The code could also be deployed as a trojan, by convincing a Mac user that the installer code is a legitimate program.
Intego’s VirusBarrier X6 can find and eliminate any threat posed by HellRTS. Other anti-virus software will undoubtedly be upgraded to catch the bug in the near future.