New malware for macOS exploits zero-day vulnerability

Carding

A new Remote Access Tool (RAT) attacks macOS using a zero-day vulnerability to gain root access.

The malware was named Proton and, according to Sixgill researchers, was found on a closed Russian forum for cybercriminals. At the moment, the malware is offered for $2,500 for one-time use, and for 10 bitcoins you can get it for unlimited use.

According to the expert, Proton was written in Objective-C and is completely undetectable by existing antivirus programs for macOS.

Proton is touted by the authors as a tool capable of giving an attacker full control over the victim's computer. The malware can execute any bash command as root, monitor keystrokes, upload and download files, take screenshots, receive updates and send notifications to the attacker.

Proton also allows an attacker to connect via SSH/VNC to an infected machine. In addition, this tool is also capable of providing iCloud access even if two-factor authentication is enabled.

According to Sixgill, the malware has genuine Apple Code Signing signatures. Most likely, its author tricked Apple's filtering process for third-party software developers by registering with the Apple Developer Program under a fake ID, or by using stolen developer credentials to obtain the required certificates.

In order to infect a macOS device, attackers must disguise the malware as a legitimate application and force the user to download and install it.