{
	"id": "26f5dc93-f405-4d75-9a1c-e4fa85b2e250",
	"created_at": "2026-04-06T00:09:35.796091Z",
	"updated_at": "2026-04-10T03:20:02.475511Z",
	"deleted_at": null,
	"sha1_hash": "e39bf8c73c0f0813e704a3a0e6c38f74c55cbd50",
	"title": "Hackers Selling Undetectable Proton Malware for macOS in 40 BTC",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 277371,
	"plain_text": "Hackers Selling Undetectable Proton Malware for macOS in 40\r\nBTC\r\nBy Waqas\r\nPublished: 2017-02-18 · Archived: 2026-04-05 23:36:55 UTC\r\nHackers are selling malware for Mac devices on a prominent dark web marketplace, claiming that it is undetectable\r\nand comes with capabilities including taking full control of macOS devices by evading anti-virus detection.\r\nDubbed Proton by its developers, the malware is a RAT (Remote Administration Tool) and is being sold on one of\r\nthe leading closed Russian cybercrime message boards. The discovery was made by Sixgill, a cyber-intelligence\r\ncompany that detects cyber-attacks and sensitive data leaks originating from the Dark Web before they occur.\r\nIn their threat report, researchers at Sixgill explained that the initial price of Proton RAT was 100 BTC (USD\r\n$100,000), but lately it is being sold for 40 BTC (USD $41,891) with unlimited installations, while a license to install\r\non a single PC with genuine Apple certifications would set a cyber criminal back only 2 BTC.\r\nCapabilities of Proton RAT:\r\nProton comes with capabilities including taking full control of a targeted device, keylogging, Observers with SMS\r\nnotifications, SSH/VNC tunneling with VPS, webcam/screen surveillance, premium customer support, file\r\nuploads, and downloads.\r\nhttps://www.hackread.com/hackers-selling-undetectable-proton-mac-malware/\r\nPage 1 of 4\n\nListing screenshot from the dark web message board\r\n“Proton can present a custom native window requesting information such as a credit card, driver’s license and\r\nmore. The malware also boasts the capability of iCloud access, even with 2FA enabled,” notes Sixgill.\r\nProton RAT, a threat against MAC OS:\r\nSixgill’s report also highlights the threat Proton poses against Mac OS. For instance, hackers are selling this\r\nmalware with genuine Apple code-signing signatures. 
This means there has been a lot of sophistication behind the\r\ndevelopment of Proton.\r\n“The author of Proton RAT somehow got through the rigorous filtration process Apple places on MAC OS\r\ndevelopers of third-party software, and obtained genuine certifications for his program. Sixgill evaluates that the\r\nmalware developer has managed to falsify registration to the Apple Developer ID Program or used stolen\r\ndeveloper credentials for the purpose,” reveals the report. \r\nThe report further goes on to explain that “gaining root privileges on MAC OS is only possible by employing a\r\npreviously unpatched 0-day vulnerability, which is suspected to be in possession of the author. Proton’s users then\r\nperform the necessary action of masquerading the malicious app as a genuine one, including a custom icon and\r\nname. The victim is then tricked into downloading and installing Proton.”\r\nA full list of Proton’s features can be checked below:\r\nScreenshot from Proton’s official website – Source: Sixgill\r\n“Sixgill’s Dark Web intelligence platform leads the way in early detection of cyber security threats when the\r\ndamage can still be avoided”, said Avi Kasztan, CEO and Co-founder of Sixgill. 
“Our analysts are constantly on\r\nthe lookout for new and emerging threats, and we work closely with law enforcement authorities to report this\r\nactivity.”\r\nThe developers have also uploaded a video demonstration on YouTube explaining how Proton works and\r\ninformation about its installation.\r\nAlthough the threat report identified that hackers are aiming at selling Proton malware to companies, families,\r\nsysadmins and parents, it is obvious that putting their listings on the dark web cybercrime message boards is an\r\nopen offer for cyber criminals to take advantage of this malicious software.\r\nThis is not the first time hackers have sold malicious software on a dark web marketplace. In the\r\npast, Stampado ransomware was also sold for just $39. However, researchers later discovered that\r\nStampado was not FUD as claimed by its developers.\r\nSource: https://www.hackread.com/hackers-selling-undetectable-proton-mac-malware/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.hackread.com/hackers-selling-undetectable-proton-mac-malware/"
	],
	"report_names": [
		"hackers-selling-undetectable-proton-mac-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434175,
	"ts_updated_at": 1775791202,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e39bf8c73c0f0813e704a3a0e6c38f74c55cbd50.pdf",
		"text": "https://archive.orkl.eu/e39bf8c73c0f0813e704a3a0e6c38f74c55cbd50.txt",
		"img": "https://archive.orkl.eu/e39bf8c73c0f0813e704a3a0e6c38f74c55cbd50.jpg"
	}
}