There was a time when Mac computers were supposedly immune from trojans, malware, and other infections. But as the Mac market share grew in comparison to Windows, Mac became an irresistible target for hackers and cybercriminals.
A remote access trojan (RAT) is a type of malware that takes control of your Mac and steals data. Depending on how sophisticated it is, a RAT can hide from antivirus software and modify various file and application settings.
Blackhole virus explained
Mac users were lucky that when this virus came to light, it was still only a beta version. At the time of discovery, anyone who’d been infected was shown this message from the creator in a popup:
“Hello I’m the BlackHole Remote Administration Tool. I’m a trojan horse, so I have infected your Mac Computer. I know, most people think that Macs can’t be infected, but look, you ARE infected! I have full control over your Computer and I can do everything I want, and you can do nothing to prevent it. So, I’m a very new virus, under Development, so there will be much more functions when I’m finished. But for now, it’s okay what I can do. To show you what I can do, I will reboot your Computer after you have clicked the Button right down.”
Although odd, clearly, the developer was proud enough of what they created that they wanted to brag about it.
Typically, the Blackhole virus enters your Mac by hijacking your Users & Groups settings.

Blackhole is also known as the MusMinim virus. Unlike with other trojans, this early admission and the fact that it was caught during the beta phase have made it easier for antivirus companies to come up with a solution. According to Sophos, an information security company, this backdoor trojan “is a very basic variation of darkComet, a well-known Remote Access Trojan (RAT) for Microsoft Windows. The source code for darkComet is freely available online.”
The biggest risk users of infected Mac computers face is that MusMinim or Blackhole prompts people to enter their administration/login password. Once the command-and-control server has this from your Mac, it can collect sensitive data and monitor keystrokes and passwords, which can be used for malicious purposes later.
Blackhole is also known for forcing Macs to shut down and restart. It can run shell commands and open websites unprompted, or the Mac will unexpectedly go to sleep. Other signs that your Mac is infected include mysterious text files appearing. The creator also warned that there would be more advanced functionality as the virus develops further.
It is unknown at present how many Mac computers were infected or which countries this RAT has spread to, although it is believed to have originated in the U.S.
Sophos warns that “Trojans like this are frequently distributed through pirated software downloads, torrent sites, or anywhere you may download an application expecting to need to install it.”
How it spreads and why it’s dangerous
There are several ways that the Blackhole virus gets onto your device and spreads:
- Fake pop-ups: A pop-up may appear to tell you to install “Flash Player updates.” Needless to say, these updates are not authentic and shouldn’t be installed.
- Pirated software: If you need another reason not to download pirated software (other than it being illegal), this is one. Any software you download could be riddled with malware.
- Configuration profiles: Some malicious apps will ask you for permission to add a configuration profile on your Mac. This gives it permission to install things and change settings.
Is Blackhole safe for Mac? By now, we’ve hopefully illustrated that it’s not. In fact, it’s very dangerous.
Blackhole will get onto your computer by any means necessary and start to slowly take over your Mac. Your personal and browsing data will be stolen to either be used or sold to other parties. It will load ads on your screen, which will lead to more malware. Finally, it will slow down and crash your device.

How to remove the Blackhole virus from my Mac?
Although this RAT was spotted early on, your Mac could still be infected. Blackhole is still making the rounds, and your Mac may be the latest victim. If your device has ever experienced any of the symptoms mentioned in this article, Blackhole could be the perpetrator behind them.
One way to remove malware or a virus is through manual removal. Unfortunately, manually removing malware isn’t the easiest of options.
Malware, especially backdoor trojans such as Blackhole, is very good at hiding in the inner depths of your Mac, where it’s very difficult to find. Hackers don’t want their files to be found, so you probably won’t see a file named “Blackhole RAT.”
Another reason it is difficult to remove a virus manually is that viruses can deposit files throughout your machine. Finding them will involve searching through every possible folder on your Mac, including the Library, Cache, Preferences, Applications, and numerous others.
Here’s a checklist showing how to manually uninstall Blackhole on your Mac.
Shut down suspicious processes on Activity Monitor
The first step is to find any potentially malicious running processes and shut them down. So go to Activity Monitor and filter the processes so the ones taking up the most CPU and memory space appear at the top.
Do you see any that you don’t recognize? If there are any gibberish-sounding processes like “musminim,” shut them down by force-closing them. But be careful, as they may immediately start up again.
Delete any unknown or suspicious apps in Applications
Next, go to the Applications folder and look to see if there are any suspicious-looking apps there that you didn’t install. Look for ones with nonsensical names, blurry icons, or both. Securely delete them and empty the trash bin.
Delete any unknown apps in Login Items
Go to System Settings > General > Login Items. If you see any unfamiliar apps there, delete them and make sure the corresponding app in Applications is also gone.
Delete Launch Daemons and Launch Agents
Now, go to Finder and locate the following folders:
- ~/Library/LaunchAgents
- /Library/LaunchAgents
- /Library/LaunchDaemons
Inside those folders, look for anything with the name “musminim.” An example could be com.musminim.plist.com. Delete them all.
Check for rogue configuration profiles
This is an important one. Go to System Settings > Privacy & Security > Profiles. If you see any configuration profiles that you didn’t create, delete them immediately.
This will likely require your administrator account details.
Go through your browser settings
Next, you should look closely at your browser settings. Some of them have likely been changed. Here’s how to do so in the most widely used web browsers.
Safari

- Safari > Settings > Extensions. Remove any unknown ones.
- Safari > Settings > General. Reset your homepage.
- Safari > Settings > Search. Reset your default search settings.
- Safari > Clear History… Delete all cache and temporary internet files.

Chrome

- Settings > Extensions > Manage Extensions. Remove any unknown ones.
- Settings > Appearance. Reset your homepage.
- Settings > Search Engine. Reset your default search settings.
- Settings > Privacy and Security. Delete all cache and temporary internet files.

Firefox

- Settings > Addons & Themes. Remove any unknown ones.
- Settings > Home. Reset your homepage.
- Settings > Search. Reset your default search settings.
- Settings > Privacy & Security. Delete all cache and temporary internet files.
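
The process and launch-item checks from the manual checklist above can also be run read-only from Terminal. The script below is an added example, not part of the original article or of any vendor tool; the only value taken from the page is the name “musminim”, while the function names and the inclusion of the per-user ~/Library/LaunchAgents folder are choices made for this example.

```shell
#!/bin/sh
# Added example: read-only triage for the launch-item and process steps.
# "musminim" is the name the article says to look for; override with PATTERN=...
PATTERN="${PATTERN:-musminim}"

# scan_launch_dirs DIR...
# Prints "<flag><TAB><path>" for every file in each directory:
#   NAME     the filename contains the pattern (case-insensitive)
#   CONTENT  the pattern appears inside the file (label, program path)
#   ok       no match
# Every file is checked, not only *.plist, and hidden files are included.
scan_launch_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/* "$dir"/.[!.]*; do
            [ -f "$f" ] || continue
            if basename "$f" | grep -qiF -- "$PATTERN"; then
                flag=NAME
            elif grep -qaiF -- "$PATTERN" "$f" 2>/dev/null; then
                flag=CONTENT
            else
                flag=ok
            fi
            printf '%s\t%s\n' "$flag" "$f"
        done
    done
}

# count_flagged DIR...: number of entries whose flag is not "ok".
count_flagged() {
    scan_launch_dirs "$@" | grep -vc '^ok' || true
}

# suspect_processes: PID and command of running processes matching the pattern.
suspect_processes() {
    ps -A -o pid= -o comm= 2>/dev/null | grep -iF -- "$PATTERN" || true
}

# Default run over the checklist folders. The per-user folder
# ~/Library/LaunchAgents is included here as the standard launchd location.
scan_launch_dirs "$HOME/Library/LaunchAgents" /Library/LaunchAgents \
    /Library/LaunchDaemons | grep -v '^ok' || true
suspect_processes
```

Nothing is deleted by this script; a renamed launch item will not match on name, so review the full `scan_launch_dirs` output for unfamiliar entries as well.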


A safer way to remove the Blackhole virus
Doing things manually doesn’t guarantee that the Blackhole virus will be eliminated. There’s always the chance that you’re going to overlook some of the files.
Therefore, the best approach to remove Blackhole from a Mac is to use an app that has been specially designed for the purpose of removing malware. That app is CleanMyMac, powered by Moonlock Engine. It will check every nook and crevice of your MacBook, find rogue files, and destroy them.
To show this isn’t marketing hyperbole, we provide you with a free trial so you can see for yourself how ruthlessly efficient CleanMyMac is.
Once you’ve signed up for a free trial and installed the software, do the following to begin hunting down the Blackhole virus:

- In the left sidebar are various features. The one you’re looking for is Protection.
- Click Configure Scan to set your preferred scan settings. We recommend selecting everything. You can never have enough protection.
- Return to the main screen. Now click the Scan button. CleanMyMac will begin its search for malware files and any other threats that may be lurking on your MacBook.
- When the Blackhole virus has been found and quarantined, CleanMyMac will present it to you in a list of discovered threats. Select them all and click Remove.
- Now select the Cleanup option in the left sidebar to brush away any junk files that may be left. This ensures a complete deletion.
The Blackhole RAT virus can take control of your Mac and create an avenue for other cybercriminals and viruses. Also, it will steal as much sensitive data as it can.
Watch out for any unexpected download that asks you to enter your administration/login password. The new version of Blackhole won’t alert users to the fact that they’ve been infected.
With the right scanning and removal tool or a manual search through your Mac, you can remove the Blackhole RAT.