Thu, 21 Feb 2013 Mac malware: New Gatekeeper bypassing Mac OS X virus discovered

Intego reports that the 'Pintsized' backdoor trojan helps attackers get past firewalls on infected Macs

Security company Intego has discovered new OS X backdoor trojan malware, dubbed Pintsized, that bypasses Gatekeeper to infect Macs and can help attackers get past firewalls by initiating an encrypted reverse-shell connection.

"This threat likely starts with an exploit to get it past Gatekeeper," reports Intego, referring to the security feature launched with OS X 10.7 Lion that aims to prevent users from installing malware by implementing a digital signature system.

"Once on a system, it sets up a reverse shell," Intego continues. "That is to say, rather than announcing to the controller that the machine is infected, the controller periodically contacts the infected machine to perform commands/ Initiating the contact from outside the affected machine potentially helps get past firewalls."

The threat can be difficult to spot, however. Intego explains that the connection is hidden among a file that is usually used for printing, and also erases all command histories to they cannot be tracked. Thankfully, though, the attacker also uses clear text Perl scripts that can be easily discovered by those who know what to look for.

The reported filenames that Intego has seen the malware generate are as follows:

com.apple.cocoa.plist
cupsd (Mach-O binary)
com.apple.cupsd.plist
com.apple.cups.plist
com.apple.env.plist

At present, Pintsized doesn't appear to be a widespread threat, and Intego believes that this may have been a targeted attack. Nevertheless, Intego said that, as of 19 February, its VirusBarrier anti-virus software was able to detect Pintsized, but that XProtect is unable to protect against the threat at the time of writing.

Comments received

stefn said on Thu, 21 Feb 2013

Virus? Virus! A trojan exploit is malware. But it is not a virus. Brush up your Shakespeare.

stefn said on Thu, 21 Feb 2013

BYW, the scorecard on real, genuine viruses is over 100,000 on Windows, 0 on Macs.

jcgarcia4567 said on Thu, 21 Feb 2013

Pintsized hasn't been seen in the wild yet, according to security software maker Intego, since the malware looks to still be in a proof of concept stage.

Therefore it hasn't even been proven to work in the wild, only discovered that someone's trying!

Fear mongering, can you guys do a little research and post the WHOLE STORY? And you call yourselves mac world, get real.

Disclaimer
Opinions expressed here are those of the writers and do not reflect those of Macworld. Macworld accepts no responsibility legal or otherwise for their accuracy of content.
Click here to read the house rules.

Click here for the latest reader comments

Latest News

More news...

Related News

More Mac news...

Search news

Search Google

Newsletter signup

It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.

Latest issue: Macworld

Find out what's in this month's Macworld here.

Macworld reader poll

What version of Adobe Creative Suite do you use?:

View poll results

Have your say in the
Macworld Forums!

Register now

Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.

RSS

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.

Subscribe to our feeds here

Latest PC industry news

MACWORLD MARKETPLACE

	LogMeIn Free - Remote Computer Access LogMeIn is a secure remote desktop software that lets you access your computers, files, and apps from anywhere on any device. Simply connect with LogMeIn Free and be free to work the way you want.
	TemplateCloud TemplateCloud.com is the design marketplace for graphic designers. You create designs, and use our software to build them into online editable templates. We sell your designs in different countries via different websites. Each time a customer uses your design, we pay you a royalty; the price is set by you.
	Amsys Amsys is recognised as the technical leader in Apple and has developed bespoke technical products and solutions to deliver class leading support to its business clients. Amsys clients can select from consultancy, integration, break-fix, recruitment, training and app development. Amsys make Apple products work for business.
	About NAD NAD Electronics has always stood out by doing things differently. Our relentless pursuit of great sound has earned us a ‘giant killer’ reputation. Every product is designed with heart and soul you can hear, emphasizing quality over quantity. We focus on the inside where it counts—and where you can hear the results.
	Sphero is a completely new type of gaming system. It's the world's first robotic ball that you control from your smartphone or tablet. You can drive Sphero, play tabletop and multiplayer games, use Sphero as a handheld controller for on-screen gameplay, and even explore augmented reality. Now with 20+ apps!
	MeteoGroup WeatherPro - the award winning weather app! Developed by professional meteorologists and providing weather forecasts for over 2 million locations with real-time, high resolution radar and satellite images, ski weather, water temperatures and more, WeatherPro is the most accurate and comprehensive weather app on the market.
	Beat the Credit Crunch - Lease your Mac from Hardsoft Hardsoft are the only 'one stop' solution for the supply and finance of I.T. to businesses throughout the UK via our regional branch offices. We are uniquely both equipment Apple Approved Reseller and licensed Credit Brokers and have tailored a solution which includes a full 3 year warranty and an equipment upgrade every 18 months.