Researchers at Intego have discovered a new variant of the Mac malware HellRTS circulating on a hacker forum.
HellRTS.D is a new iteration of Mac OS X malware first spotted in 2004, and it opens a backdoor that enables remote users to take control of infected computers. So far, the company has not found any computers infected with the malware, but it issued an advisory on it nonetheless.
“This type of malware is added as payload to a Trojan horse,” the company told eWEEK in an e-mail. “The first variant of this malware was disguised as a poker game, but other, more recent, Trojan horses pretend to be video codecs, or are hidden in installers for pirated software.”
Built in REALbasic, HellRTS is a universal binary that runs on both PowerPC- and Intel-based Macs and can perform a number of operations once installed on a Mac.
“It sets up its own server and configures a server port and password,” according to the advisory. “It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac.”
It can also perform a number of operations such as providing remote screen-sharing access and accessing an infected Mac’s clipboard, the company advised.
Intego VirusBarrier X6 detects the malware as OSX/HellRTS.D.