Intego this week released a security memo warning of a new malware variant for Mac OS X named “OSX/HellRTS.D”. When installed on the computer, the software opens a backdoor that leaves the machine open to remote control and infection for malicious purposes.
HellRTS.D is based on an earlier version for Mac OS X that was discovered in 2004. A RealBasic-based universal binary, the malware can affect both PowerPC and Intel-based Macs if installed. Once installed, the software performs a multitude of tasks and leaves the computer open to various damaging actions:
"It sets up its own server and configures a server port and password. It duplicates itself, using the names of different applications, adding the new version to a user’s login items, to ensure that it starts up at login. (These different names can make it hard to detect, not only in login items, but also in Activity Monitor.) It can send e-mail with its own mail server, contact a remote server, and provide direct access to an infected Mac. It can also perform a number of operations such as providing remote screen-sharing access, shutting down or restarting a Mac, accessing an infected Mac’s clipboard, and much more."
The good news for Mac users, though, is that Intego rates the risk of infection as “Low” and that no Macs have been found to be infected in the wild. Installation requires physical access to the computer, and the malware is only being distributed on some forums. Intego’s VirusBarrier X6 can identify and remove the malware if it is found on the computer.
Image credit: Intego.