macOS Proton malware is undetectable, available on the dark web for 40 BTC


Proton can work its way into nearly every aspect of your macOS device, leaving almost nothing that the attacker cannot access.

Malware is undoubtedly a growing problem for nearly everybody. Even relatively clean sites and services have been inundated with malware, making it more important than ever to have a solid computer security plan in place. Proton malware is a new threat for macOS that allows whoever deploys it to take complete control over the victim’s computer. Once installed, Proton is completely undetectable.

Proton is a Remote Administration Tool (RAT) discovered by the team at Sixgill, a company that searches for possible attacks and breaches originating from the Dark Web before they can be executed. The software originally carried a hefty price tag of 100 BTC (roughly $100,000 USD) for use on unlimited computers, though the devs have recently reduced the price to a mere 40 BTC for unlimited access. A single-use “license” is also available for the low price of 2 BTC.

Even more nefarious, the developers have somehow made Proton appear to be a legitimate Apple program, as Sixgill states in their report:

The author of Proton RAT somehow got through the rigorous filtration process Apple places on MAC OS developers of third-party software, and obtained genuine certifications for his program. Sixgill evaluates that the malware developer has managed to falsify registration to the Apple Developer ID Program or used stolen developer credentials for the purpose.

Proton can work its way into nearly every aspect of your macOS device, leaving almost nothing that the attacker cannot access. Sixgill provided a screenshot detailing some of the RAT’s features.

The devs have taken specific care to ensure that this RAT is fully undetectable (FUD). They claim they want to sell Proton on the up and up, though where they’re choosing to host their app says otherwise. If your goal was to sell your product to businesses, sysadmins, and parents, hosting and promoting your malware on a dark web marketplace probably isn’t your best first choice. If nothing else, it shows that you’re hoping that hackers, criminals, and other ne’er-do-well types also buy and use your program. Probably not the best look there.


  Source: HackRead