Long gone are the days when it was believed that the Mac has nothing to fear from Trojans because nobody writes them. Experts at Sixgill have found a highly dangerous piece of macOS malware called Proton offered for sale on a Russian-language darknet forum. The authors hope to sell it for 40 bitcoins, which at the current exchange rate is roughly $50,000. For those who do not have that kind of money, there is a cheaper offer: 2 bitcoins ($2,500) for a single installation.
According to the experts, Proton is written in Objective-C and is not detected by existing anti-virus solutions. The malware is advertised as a “professional FUD solution for surveillance and control” that can obtain root access to the computer and effectively take full control of it. It is meant to be distributed disguised as various legitimate applications; the buyer can easily change the icon and name of the malware.
Proton includes keylogger functionality, can capture screenshots of the desktop, and can remotely activate the webcam. It is also able to steal user files, uploading them to a remote server, or download arbitrary files onto the infected machine. In addition, Proton can show the victim a custom window requesting bank card details, driver's licence information, or other confidential data. Furthermore, according to Xaker, the Trojan is able to access the Mac user's iCloud account even if two-factor authentication is enabled.
Worst of all, the creators of Proton have managed to bypass Apple's control mechanisms, despite the company's strict requirements for third-party applications. As a result, the Trojan's code carries a genuine signature that fools the defensive mechanisms. The researchers suggest that the malware authors either used a fake Apple ID to enrol in the Apple Developer Program or used credentials stolen from other developers. Either way, the attackers ended up with all the certificates they needed.
Proton is advertised not only on the darknet: the malware also has an official website and even demo videos on YouTube.
According to the experts, to obtain root privileges on the computer Proton exploits a “zero-day” vulnerability, which is obviously unknown to the general public and is held privately by the malware's authors.