Yes, now all the threats come via the web and it doesn’t matter too much which platform you use, but the security Apple has put in their user accounts is the most robust I’ve seen today. But not even it is able to withstand the onslaught of some Trojans that are appearing , as is the case of Proton RAT.
According to the comments from ZDNet, this is a work of art made of malicious code. Proton RAT is already circulating in Russian forums dedicated to cybercrime on the dark web and claims to be able to take full control of a Mac remotely . Not only that, but it is also capable of taking over your Apple account even if you have two-step verification enabled.
This YouTube video shows us how it works:
You can basically order the services of the trojan from a website by choosing a payment plan that suits your needs . You pay a few bitcoins and that’s it, you just have to choose which application you are going to disguise yourself with so that you can trick your victim into downloading and installing it without him noticing the trojan. Once installed, Proton RAT can simulate dialog boxes that ask you for passwords, credit cards… perfect for inexperienced users.
Obviously Proton ARP is offered as a surveillance program for employees and minors, or to be able to spy on someone we believe is cheating us. But the capabilities of this Trojan can go far beyond that when it falls into the wrong hands.
If this is already circulating in the media I have no doubt that from Apple will already be working to block this Trojan , which of course reminds us that no operating system can be 100% secure. The certifications used in the “application-disguise” are authentic, which means that someone’s identity has been forged or directly stolen from some developer. The mission at Cupertino: locate those credentials, block them and find a way to prevent this from happening again.
The Trojan’s “official website”, ptn.is, has already stopped working.