HotJohnnieNYC

Q: How to detect blackshades Trojan horse

Today's news about a crackdown on the use of the Trojan horse malware called Blackshades has me worried my Mac might be already infected/affected. How can I find out if this malware is present on my Mac and if it is how can I remove it?

Posted on May 19, 2014 2:04 PM


  • by baltwo, Level 9 (62,256 points), May 19, 2014 2:05 PM in response to HotJohnnieNYC
  • by etresoft (Helpful), Level 7 (29,350 points), Mac OS X, May 19, 2014 2:08 PM in response to HotJohnnieNYC

    HotJohnnieNYC wrote:

    How can I find out if this malware is present on my Mac and if it is how can I remove it?

    Do you have Windows installed on a Boot Camp partition or a VM? If so, follow whatever procedures exist for finding and removing the malware on Windows. If not, then you don't have it.

  • by thomas_r. (Helpful), Level 7 (30,934 points), Mac OS X, May 19, 2014 4:56 PM in response to HotJohnnieNYC

    Blackshades is Windows malware, and as such, does not and cannot affect the Mac. You have nothing to fear from that.

  • by HotJohnnieNYC, Level 1 (10 points), May 20, 2014 1:11 AM in response to HotJohnnieNYC

    Is there anything like it that can affect a Mac?

  • by etresoft, Level 7 (29,350 points), Mac OS X, May 20, 2014 3:09 AM in response to HotJohnnieNYC

    You are asking a "does there exist" question? The answer is obviously yes. But the hoops required to get the software installed on a Mac are much greater. Generally, the malware will have to ask your permission. Any software that asks permission to do anything should be scrutinized carefully.

  • by thomas_r. (Solved answer), Level 7 (30,934 points), Mac OS X, May 20, 2014 5:27 AM in response to HotJohnnieNYC

    HotJohnnieNYC wrote:

    Is there anything like it that can affect a Mac?

    There is malware that can affect the Mac. Although this has not always been the case, at this time, all Mac threats require you to open some app in order to become infected. Generally, this happens by tricking you into opening it.

    Once you open malware, most of it actually will not ask for any kind of permission. You will typically see the "this was downloaded from the internet, are you sure you want to open it" warning and that's it. It's actually quite rare that malware will request your admin password, as there are ways to infect the user account that are every bit as effective as gaining root access to infect the computer as a whole.

    Most malware is blocked directly by Mac OS X, but not all is. You cannot assume that Mac OS X will protect you. Similarly, if you install anti-virus software, you cannot assume that will protect you. No such protection is, or can ever be, 100% reliable.

    For more information on what the threats are and how to protect yourself, see my Mac Malware Guide.

    (Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)
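Added example, not part of the thread or of The Safe Mac guide: the answer above notes that Mac malware rarely needs an admin password because infecting the user account is just as effective. The usual way that is done is a launchd job dropped into ~/Library/LaunchAgents, which any unprivileged user can write to. The script below audits that directory and flags jobs that run a program outside assumed-trusted locations, live in a hidden directory, combine RunAtLoad with KeepAlive, or whose Label does not match the file name. The trusted-prefix list and the heuristics are assumptions for illustration, and the sample home directory it builds (with the made-up path /Users/alice/.cache/.svc) is constructed so the script runs anywhere; on a real Mac you would call audit_launch_agents on your own home directory.

```python
"""Audit per-user launchd persistence in ~/Library/LaunchAgents.

Added example, not from the thread. Heuristics and trusted prefixes are
assumptions chosen for illustration; the sample home directory is constructed.
"""
import os
import plistlib
import tempfile

# Per-user persistence directory that needs no admin password to write to.
USER_LAUNCH_DIR = os.path.join("Library", "LaunchAgents")

# Assumption: programs under these prefixes are treated as expected; anything
# else (e.g. a binary under the home directory) is flagged for review.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Applications/", "/Library/Apple/")


def program_of(job):
    """Return the executable a launchd job runs (Program, else ProgramArguments[0])."""
    if job.get("Program"):
        return job["Program"]
    args = job.get("ProgramArguments") or []
    return args[0] if args else None


def suspicious_reasons(job, plist_path):
    """Return a list of reasons a LaunchAgent job looks like user-level persistence."""
    prog = program_of(job)
    if prog is None:
        return ["no Program or ProgramArguments"]
    reasons = []
    if not prog.startswith(TRUSTED_PREFIXES):
        reasons.append("program outside trusted locations: %s" % prog)
    if any(part.startswith(".") for part in prog.split("/") if part):
        reasons.append("program lives in a hidden (dot) directory")
    if job.get("RunAtLoad") and job.get("KeepAlive"):
        reasons.append("RunAtLoad plus KeepAlive (auto-start and auto-restart)")
    label = job.get("Label", "")
    stem = os.path.basename(plist_path)[: -len(".plist")]
    if label and label != stem:
        reasons.append("Label %r does not match file name %r" % (label, stem))
    return reasons


def audit_launch_agents(home):
    """Scan home/Library/LaunchAgents; return {plist_path: [reasons]} for flagged jobs only."""
    findings = {}
    agent_dir = os.path.join(home, USER_LAUNCH_DIR)
    if not os.path.isdir(agent_dir):
        return findings
    for name in sorted(os.listdir(agent_dir)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(agent_dir, name)
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)
        except Exception as exc:  # a malformed plist is itself worth a look
            findings[path] = ["unparseable plist: %s" % exc]
            continue
        reasons = suspicious_reasons(job, path)
        if reasons:
            findings[path] = reasons
    return findings


def build_sample_home():
    """Construct a throwaway home directory with one benign and one suspicious agent."""
    home = tempfile.mkdtemp(prefix="fakehome-")
    agent_dir = os.path.join(home, USER_LAUNCH_DIR)
    os.makedirs(agent_dir)
    benign = {
        "Label": "com.example.updater",
        "Program": "/Applications/Example.app/Contents/MacOS/updater",
        "RunAtLoad": True,
    }
    # Constructed sample: Apple-looking file name, mismatched Label, hidden binary
    # under the home directory, and auto-restart. All values are made up.
    suspicious = {
        "Label": "com.helper.agent",
        "ProgramArguments": ["/Users/alice/.cache/.svc", "-d"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for fname, job in (("com.example.updater.plist", benign),
                       ("com.apple.softwareupdate.plist", suspicious)):
        with open(os.path.join(agent_dir, fname), "wb") as fh:
            plistlib.dump(job, fh)
    return home


if __name__ == "__main__":
    # On a real Mac: audit_launch_agents(os.path.expanduser("~"))
    for path, reasons in audit_launch_agents(build_sample_home()).items():
        print(path)
        for r in reasons:
            print("  -", r)
```

The benign job is not reported; the constructed suspicious one is reported with all four reasons. A clean audit result does not prove a machine is clean (system-wide /Library/LaunchDaemons, login items and cron are other persistence spots), which is the same caveat the answer makes about Mac OS X and anti-virus software.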

  • by Enterprise Risk Management, Level 1 (0 points), May 20, 2014 5:36 AM in response to etresoft

    Do not fully agree with you. Blackshades could be located in the Visitor account's disk space and interact with the processors, presenting itself as Boot Camp Windows instructions. It is therefore very important to lock the EFI.

  • by Kurt Lang, Level 8 (37,999 points), Mac OS X, May 20, 2014 6:27 AM in response to Enterprise Risk Management

    You cannot "lock" the EFI. The only thing close to that is having a firmware password applied that you need to enter before the Mac will boot to the desktop. After that, the EFI (and the rest of the system) is open.

    Also, please explain how software sitting in a visitor user account can be active when you are not logged into that account. Like any other software on a drive, it cannot spontaneously load on its own.

    Since it is Windows-only malware, it cannot in any way load/run on a Mac in the first place.

  • by thomas_r., Level 7 (30,934 points), Mac OS X, May 20, 2014 6:31 AM in response to Enterprise Risk Management

    Enterprise Risk Management wrote:

    Do not fully agree with you. Blackshades could be located in the Visitor account's disk space and interact with the processors, presenting itself as Boot Camp Windows instructions. It is therefore very important to lock the EFI.

    None of that makes any sense at all. I honestly don't know what you're saying you think could happen. However, unless you're running Windows on your Mac, Blackshades cannot affect you.

  • by val-computer-lady, Level 1 (4 points), Mac App Store, May 20, 2014 8:46 AM in response to HotJohnnieNYC

    The above is useful information, but I am wondering what symptoms you would see on your computer for Blackshades?

    Thanks

  • by Kurt Lang, Level 8 (37,999 points), Mac OS X, May 20, 2014 8:52 AM in response to val-computer-lady

    Essentially, none. That is currently the main goal of almost all malware: get on your system and, hopefully, never be found or noticed.

    In the meantime, it tries to capture keystrokes (to get bank and other login passwords and IDs). Blackshades also tries to access your built-in webcam, if your system has one. Possibly to get a photo of you to make more convincing false identification cards, or other such documentation.

    But it's all moot regarding a Mac. You cannot be infected, even if you download the software in some manner.