Mac malware: New Gatekeeper bypassing Mac OS X virus discovered

Intego reports that the 'Pintsized' backdoor trojan helps attackers get past firewalls on infected Macs

Security company Intego has discovered a new OS X backdoor trojan virus, dubbed Pintsized, that bypasses Gatekeeper to infect Macs and can help attackers get past firewalls by initiating an encrypted reverse-shell connection.

"This threat likely starts with an exploit to get it past Gatekeeper," reports Intego, referring to the security feature launched with OS X 10.7 Lion that aims to prevent users from installing malware by implementing a digital signature system.

"Once on a system, it sets up a reverse shell," Intego continues. "That is to say, rather than announcing to the controller that the machine is infected, the controller periodically contacts the infected machine to perform commands/ Initiating the contact from outside the affected machine potentially helps get past firewalls."

The threat can be difficult to spot, however. Intego explains that the connection is hidden among a file that is usually used for printing, and also erases all command histories to they cannot be tracked. Thankfully, though, the attacker also uses clear text Perl scripts that can be easily discovered by those who know what to look for.

The reported filenames that Intego has seen the virus generate are as follows:

com.apple.cocoa.plistcupsd (Mach-O binary)com.apple.cupsd.plistcom.apple.cups.plistcom.apple.env.plist

Intego said that, as of 19 February, its VirusBarrier anti-virus software was able to detect Pintsized, but that XProtect is unable to protect against the threat at the time of writing.

See also:

Less than half of Mac owners have anti-virus software installed

Apple releases Java update and malware removal tool following cyber attack

New Mac Malware charging user's mobile accounts

New 'Dockster' malware targets Apple computers

New Mac malware stealing passwords

Tags: Mac, Mac OS, security, software, Intego, operating systems, malware

BlackBerry Hints at Complete End Point Security

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Webroot SecureAnywhere Business

The lightest, fastest, easiest-to-manage, and most effective endpoint protection.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.