SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Allegedly “Undetectable” Malware Offered for Hefty Darknet Price Tag

Posted on March 22, 2017

Though many of its now-famous hidden marketplaces have been taken down by law enforcement, the darknet continues to be a home for the web’s seediest characters. The latest item to hit the market and generate buzz isn’t an illegal substance — instead, it’s illegal software. Several outlets have reported that an anonymous darknet user is currently making attempts to sell an allegedly unreleased “remote administration tool,” or RAT, for Macs.

Dubbed “Proton,” when installed this software gives attackers full control over a user’s machine. That includes downloading more malware, accessing your Mac’s webcam, or stealing files off the hard drive. An attacker could accomplish all of this without ever alerting the user to the compromised nature of their machine. In other words, it’s a very powerful tool. Additionally, the hackers selling the malware claim they can provide a valid security certificate to accompany the software. Therefore, macOS’s Gatekeeper feature would simply see the malware as a valid piece of Apple software.

If it were to function as described, it would indeed be a powerful piece of malware. Perhaps more startling than the author’s functionality claims is the malware’s price tag. The author is asking for 40 bitcoins, the equivalent of about $50,000. Though one might expect that price to fluctuate, there is yet no evidence that any buyers have taken an interest in the offering. Some researchers speculate this is because other Mac RATs are already available for free — attackers just need to find a way to trick users into installing them.

Will Proton be malware that users need to worry about anytime soon? It’s difficult to say. Even so, security researchers now know of its existence. Should it reach the public Internet, detecting it will only be a matter of time. This reminds us of the need for a clear and continuous focus on security.

As always, it is important for you to continue being cautious wherever you go on the web. Pay attention to the links you click on and where they lead to, and beware of downloading anything from untrustworthy websites. Generally speaking, there are only a few places on the web from which you should trust downloads. While it seems unlikely that this particular piece of malware will hit the web — if it even works — users should continue to be mindful. Staying safe and secure in a digital world is no part time job, after all.

Join our mailing list for the latest security news and deals