What is the Blackhole virus and how to remove it from a Mac?

There was a time when Mac computers were supposedly immune from trojans, malware, and other infections. But as the Mac market share grew in comparison to Windows, Mac became an irresistible target for hackers and cybercriminals.

A remote access trojan (RAT) is a type of malware that takes control of your Mac and steals data. Depending on how sophisticated it is, a RAT can hide from antivirus software and modify various file and application settings.


Blackhole virus explained

Mac users were lucky with this virus: when it came to light, it was still only a beta version. At the time of discovery, anyone who’d been infected was shown this message from the creator in a popup:

“Hello I’m the BlackHole Remote Administration Tool. I’m a trojan horse, so I have infected your Mac Computer. I know, most people think that Macs can’t be infected, but look, you ARE infected! I have full control over your Computer and I can do everything I want, and you can do nothing to prevent it. So, I’m a very new virus, under Development, so there will be much more functions when I’m finished. But for now, it’s okay what I can do. To show you what I can do, I will reboot your Computer after you have clicked the Button right down.”

Although odd, clearly, the developer was proud enough of what they created that they wanted to brag about it.

Typically, the Blackhole virus enters your Mac by hijacking your Users & Groups settings.

Blackhole is also known as the MusMinim virus. Unlike with other trojan viruses, this early admission and the fact that it was caught during the beta phase have made it easier for antivirus companies to come up with a solution. According to Sophos, an information security company, this backdoor trojan “is a very basic variation of darkComet, a well-known Remote Access Trojan (RAT) for Microsoft Windows. The source code for darkComet is freely available online.”

The biggest risk users of infected Mac computers face is that MusMinim, or Blackhole, prompts people to enter their administration/login password. Once the command-and-control server has this password from your Mac, it can collect sensitive data and keep an eye on keystrokes and passwords, which can then be used for malicious purposes later.

Blackhole is also known for forcing Macs to shut down and restart. It can run shell commands, open websites unprompted, and put the Mac to sleep unexpectedly. Other signs that your Mac is infected include mysterious text files appearing, and the creator warned that there would be more advanced functionality as the virus develops further.

It is unknown at present how many Mac computers were infected or which countries this RAT has spread to, although it is believed to have originated in the U.S.

Sophos warns that “Trojans like this are frequently distributed through pirated software downloads, torrent sites, or anywhere you may download an application expecting to need to install it.”

How to remove the Blackhole virus from my Mac?

No one wants to be infected.

That is especially true when a virus can take remote control of your Mac, thereby creating a vulnerability that could be exploited by other cybercriminals and viruses, such as ransomware and spyware that can record your screen and audio and even try to extort money from you.

Although this Trojan RAT was spotted early on, that doesn’t mean your Mac can’t be infected. If your Mac has ever experienced any of the symptoms mentioned in this article, Blackhole could be behind them.

One way to remove malware, or any kind of virus, is manual removal. It isn’t the easiest of options, unfortunately. Malware, and especially backdoor trojan viruses such as Blackhole, are good at hiding. They don’t want to be found, so, obviously, they won’t label the files ‘Blackhole RAT.’ Another reason it is difficult to remove a virus manually is that viruses, the same as apps, deposit files all over your Mac. So, to find them, you’ve got to work out what you are looking for and then go through every possible application folder, such as Library, Cache, Preferences, Applications, and numerous others.

Once you’ve done that, which can take a while, you should be able to haul everything that shouldn’t be on your Mac to the Bin and then empty it. But be careful that you don’t delete an application your Mac needs to operate. That is always one of the risks of removing anything manually.
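To make that manual search less error-prone, the read-only shell script below lists recently changed files in the folders named above so they can be reviewed before anything goes to the Bin. It is an added example, not part of the original article or of any vendor tool; the function names, the 30-day window and the extra `Library/LaunchAgents` folder are assumptions made here.

```shell
#!/bin/bash
# Added example: read-only inventory of recently changed files, to review
# before deleting anything. It never modifies or removes a file.

# Folders relative to a root directory. Applications, Caches and Preferences
# come from the article; LaunchAgents is an assumption added here because
# macOS starts background programs from it at login.
REVIEW_DIRS="Applications Library/Caches Library/Preferences Library/LaunchAgents"

# recent_items ROOT_DIR DAYS
# Prints "<kind><TAB><path>" for every file changed in the last DAYS days.
# kind is "plist" (preference or launch file), "exec" (executable) or "other".
recent_items() {
    root_dir=$1
    days=$2
    for rel in $REVIEW_DIRS; do
        dir="$root_dir/$rel"
        [ -d "$dir" ] || continue
        find "$dir" -type f -mtime "-$days" 2>/dev/null | sort |
        while IFS= read -r path; do
            case "$path" in
                *.plist) kind=plist ;;
                *) if [ -x "$path" ]; then kind=exec; else kind=other; fi ;;
            esac
            printf '%s\t%s\n' "$kind" "$path"
        done
    done
}

# count_kind ROOT_DIR DAYS KIND
# Prints how many recent items of the given kind were found.
count_kind() {
    recent_items "$1" "$2" |
        awk -F '\t' -v k="$3" '$1 == k { n++ } END { print n + 0 }'
}

# "--scan [DAYS]" inventories the current user's home folder.
if [ "${1:-}" = "--scan" ]; then
    recent_items "$HOME" "${2:-30}"
fi
```

Calling `recent_items / 30` covers the system-wide copies of the same folders. Anything listed that you did not install yourself is a candidate for closer inspection, not automatic deletion.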

A safer way to remove the Blackhole virus

It is far safer and quicker to download CleanMyMac X (a free edition of the app is available).

This app is notarized by Apple, which means Apple’s automated checks found no malicious components in it. It’s rather a suite of many tools that analyze the health of your macOS. The app will scan your Mac for viruses, trojans, and malware that many fake “Mac optimizers” can miss. Once its Malware Removal tool has found everything that has infected your Mac, you can click Remove, deleting Blackhole safely from your Mac.

This is an example of how the app works:

[Image: Removing malware files]

The Blackhole RAT virus is not something your Mac wants or needs. It can take control of your Mac and create an avenue for other cybercriminals and viruses. Also, it will take as much sensitive data as it can. Watch out for any unexpected download that asks you to enter your administration/login password. The new version of Blackhole won’t alert users to the fact that they’ve been infected.

With the right scanning and removal tool or a manual search through your Mac, you can remove this trojan.
