How to detect Blackshades Trojan horse

Today's news about a crackdown on the use of the Trojan horse malware called Blackshades has me worried my Mac might be already infected/affected. How can I find out if this malware is present on my Mac, and if it is, how can I remove it?

Posted on May 19, 2014 2:04 PM


May 20, 2014 5:27 AM in response to HotJohnnieNYC

HotJohnnieNYC wrote:


Is there anything like it that can affect a Mac?


There is malware that can affect the Mac. Although this has not always been the case, at this time, all Mac threats require you to open some app in order to become infected. Generally, this happens by tricking you into opening it.


Once you open malware, most of it actually will not ask for any kind of permission. You will typically see the "this was downloaded from the internet, are you sure you want to open it" warning and that's it. It's actually quite rare that malware will request your admin password, as there are ways to infect the user account that are every bit as effective as gaining root access to infect the computer as a whole.


Most malware is blocked directly by Mac OS X, but not all is. You cannot assume that Mac OS X will protect you. Similarly, if you install anti-virus software, you cannot assume that will protect you. No such protection is, or can ever be, 100% reliable.


For more information on what the threats are and how to protect yourself, see my Mac Malware Guide.


(Fair disclosure: The Safe Mac is my site, and contains a Donate button, so I may receive compensation for providing links to The Safe Mac. Donations are not required.)

May 20, 2014 6:27 AM in response to Enterprise Risk Management

You cannot "lock" the EFI. The only thing close to that is having a firmware password applied, which you need to enter before the Mac will boot to the desktop. After that, the EFI (and the rest of the system) is open.


Also, please explain how software sitting in a visitor user account can be active when you are not logged into that account. Like any other software on a drive, it cannot spontaneously load on its own.


Since it is Windows-only malware, it cannot in any way load/run on a Mac in the first place.

May 20, 2014 6:31 AM in response to Enterprise Risk Management

Enterprise Risk Management wrote:


Do not fully agree with you. The Blackshades could be located in the Visitor account disk space and interact with the processors presenting itself as a bootcamp windows instructions. It is therefore very important to lock the EFI.


None of that makes any sense at all. I honestly don't know what you're saying you think could happen. However, unless you're running Windows on your Mac, Blackshades cannot affect you.

May 20, 2014 8:52 AM in response to val-computer-lady

Essentially, none. That is currently the main goal of almost all malware. Get on your system and hopefully, never be found, or noticed.


In the meantime, it tries to capture keystrokes (to get bank and other login passwords and IDs). Blackshades also tries to access your built-in webcam, if your system has one. Possibly to get a photo of you to make more convincing false identification cards, or other such documentation.


But it's all moot regarding a Mac. You cannot be infected, even if you download the software in some manner.
