Calisto, a precursor to the nasty Proton macOS malware, was recently detected by researchers in May 2018. The sample, believed to be a precursor to Proton, was uploaded to VirusTotal back in 2016 and remained undetected for nearly two years before being found.
Calisto seems to have been the raw version of the Proton Remote Access Trojan, which infected systems in 2017. The researchers deduced that many features of Calisto were still under development and were similar to those of the Proton Remote Access Trojan.
The Proton Remote Access Trojan had features that were not present in Calisto and were probably developed and implemented later. The Calisto malware file is an unsigned DMG image disguised as Intego’s security solution for macOS.
The Proton Remote Access Trojan was offered for sale by cyber miscreants on an underground hacking forum at prices ranging from $1,200 to $820,000 for the whole software project.
The Proton RAT malware’s first victim was the website of the HandBrake app. The threat actors infected the official application with the Proton malware. Later, in October 2017, many legitimate applications such as Elmedia Player and its download manager Folx were infected with this macOS malware.
As Remote Access Trojans, both Calisto and Proton give threat actors full access to the user’s system. Using the Calisto malware, the cyber miscreants are able to control the following features:
There were some features which were found to be unfinished or under development:
It should be mentioned that the Calisto malware was developed before Apple rolled out the System Integrity Protection (SIP) security mechanism for macOS. Because it was developed before SIP, Calisto was unable to bypass many of the security measures implemented by Apple. The threat actors failed to take the new security technology into account and did not build in capabilities to bypass it and infect critical files on Apple systems. Apple announced the SIP security mechanism in 2015 with OS X El Capitan.
Users are advised to keep the SIP security features enabled to protect their systems from malware threats such as Calisto and Proton. Some precautions that users need to implement on their systems are:
The developers of Calisto seem to have abandoned the malware in favor of the Proton Remote Access Trojan. With no activity for almost two years after Calisto was uploaded to VirusTotal, and given its inability to breach the SIP security mechanism, this malware is a lesser risk than the Proton Remote Access Trojan.
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities that may compromise your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.