Mac malware: New Gatekeeper bypassing Mac OS X virus discovered

Intego reports that the 'Pintsized' backdoor trojan helps attackers get past firewalls on infected Macs

Security company Intego has discovered a new OS X backdoor trojan virus, dubbed Pintsized, that bypasses Gatekeeper to infect Macs and can help attackers get past firewalls by initiating an encrypted reverse-shell connection.

"This threat likely starts with an exploit to get it past Gatekeeper," reports Intego, referring to the security feature launched with OS X 10.7 Lion that aims to prevent users from installing malware by implementing a digital signature system.

"Once on a system, it sets up a reverse shell," Intego continues. "That is to say, rather than announcing to the controller that the machine is infected, the controller periodically contacts the infected machine to perform commands/ Initiating the contact from outside the affected machine potentially helps get past firewalls."

The threat can be difficult to spot, however. Intego explains that the connection is hidden among a file that is usually used for printing, and also erases all command histories to they cannot be tracked. Thankfully, though, the attacker also uses clear text Perl scripts that can be easily discovered by those who know what to look for.

The reported filenames that Intego has seen the virus generate are as follows:

com.apple.cocoa.plistcupsd (Mach-O binary)com.apple.cupsd.plistcom.apple.cups.plistcom.apple.env.plist

Intego said that, as of 19 February, its VirusBarrier anti-virus software was able to detect Pintsized, but that XProtect is unable to protect against the threat at the time of writing.

See also:

Less than half of Mac owners have anti-virus software installed

Apple releases Java update and malware removal tool following cyber attack

New Mac Malware charging user's mobile accounts

New 'Dockster' malware targets Apple computers

New Mac malware stealing passwords

Tags MacMac OSsecuritysoftwareIntegooperating systemsmalware

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Risk Management Solutions

Create and deliver online assessments to identify business risks and track their mitigation and resolution.

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.