Cybercrooks charging more than the price of a new car for undetectable Mac malware

If you've got 40 Bitcoin burning a hole in your pocket...


Cybercriminals are attempting to flog a supposedly undetectable Mac malware strain on the dark web for 40BTC ($50,000) a pop.

The Proton malware boasts capabilities including taking full control of macOS devices by evading antivirus detection, its sellers claim. Hackers offered to add an Apple-approved developer signature to the attacker's custom RAT software in order to bypass Apple's Gatekeeper protection on targeted Macs, according to Mac security firm Intego.

Offers touting the malware first appeared on a Russian cybercrime message board last month and were first reported by Israeli threat intelligence firm Sixgill.

Security experts are sceptical as to whether the nasty will find many buyers.

Chris Doman, security researcher at security dashboard firm AlienVault, commented: "At 40 Bitcoin for unlimited installs, and far more for access to the source code, this is still an expensive rat. Particularly considering RATs for macOS are now available for free. It's likely this pricing is intended to limit the distribution – and so detection by security vendors.

"Whilst Proton is marketed on dark web forums, it also has promotional YouTube videos and a (now down) public website. It may have attracted more attention than the malware author was hoping."

Kyle Wilhoit, senior security researcher at DomainTools, added that would-be buyers would likely be able to haggle over the price. "Typically, just like negotiating the price for a car, adversaries will negotiate the price lower than what's being asked, or the malware authors themselves will lower the price," he said. ®
