A new trojan virus is targeting computers running Mac OS X and initiating an encrypted reverse-shell connection, allowing attackers potentially unfettered access to infected machines armed with basic, inbound-only firewalls. Security firm Intego appears to be the first to report on this malware and has named the backdoor virus "Pintsized".
As of 10.7 (Lion), Mac OS X employs an anti-malware feature named "Gatekeeper" which helps deflect the "installation" of malware by utilizing what is essentially a digital signature system. It appears Pintsized has the capability to defeat this security mechanism, although exactly how it does so remains unknown. Although Gatekeeper is enabled by default, it's worth noting it can also be disabled. Under normal circumstances, users who disable Gatekeeper would be afforded no protection against these types of attacks.
Once Pintsized is in, it phones home to hackers via an encrypted OpenSSH connection. Because the infected computer initiates the bidirectional connection and not the remote server, Pintsized is able to bypass inbound-only firewalls, like the built-in Mac OS X firewall and the firewalls/NAT provided by most routers. This persistent shell access allows hackers to run remotely-issued commands on the infected system, some of which have been identified as clear-text Perl scripts. Thankfully for victims, the malware author's use of obfuscated Perl scripting makes Pintsized relatively straightforward to identify.
Pintsized attempts to hide its components by posing as CUPS-related files -- the Unix printing system utilized by Mac OS X. The files Intego has seen the virus generate are:
- cupsd (Mach-O binary)
Presumably, infected machines would attempt to load the infected files on startup. Users would likely want to check for signs of the above files in the following locations:
- ~/Library/LaunchAgents (user launch area)
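A quick check for the persistence described above, written here as an added example rather than anything from Intego or TechSpot: it scans launchd plist directories for program paths that mention "cupsd" but do not point at the stock daemon, and flags a bare "cupsd" file sitting in a LaunchAgents folder. It assumes the legitimate daemon lives at /usr/sbin/cupsd and that the plists are XML (binary plists would need `plutil -convert xml1` first); the sample plists it writes are constructed, and the impostor path in them is a placeholder, not a known Pintsized drop location.

```shell
#!/bin/sh
# Added example, not code from the article or from Intego.
# Assumption: the real CUPS daemon on macOS is /usr/sbin/cupsd.
LEGIT_CUPSD="/usr/sbin/cupsd"

# find_suspicious_cupsd DIR...
# Prints "file<TAB>path" for each suspicious hit; returns 0 if any were
# found, 1 otherwise.
find_suspicious_cupsd() {
    hits=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # A bare "cupsd" file inside a LaunchAgents directory is never legitimate.
        if [ -f "$dir/cupsd" ]; then
            printf '%s\t%s\n' "$dir" "$dir/cupsd"
            hits=$((hits + 1))
        fi
        for plist in "$dir"/*.plist; do
            [ -f "$plist" ] || continue
            old_ifs=$IFS; IFS='
'
            # Every <string> value mentioning cupsd, one per line.
            for p in $(grep -o '<string>[^<]*cupsd[^<]*</string>' "$plist" \
                       | sed -e 's#<string>##' -e 's#</string>##'); do
                if [ "$p" != "$LEGIT_CUPSD" ]; then
                    printf '%s\t%s\n' "$plist" "$p"
                    hits=$((hits + 1))
                fi
            done
            IFS=$old_ifs
        done
    done
    [ "$hits" -gt 0 ]
}

# make_sample_launchagents DIR: writes two constructed plists for a dry run,
# one benign (stock path) and one impostor (cupsd under the user's Library).
make_sample_launchagents() {
    cat > "$1/org.cups.cupsd.plist" <<'EOF'
<plist><dict><key>ProgramArguments</key><array>
<string>/usr/sbin/cupsd</string><string>-l</string></array></dict></plist>
EOF
    cat > "$1/com.example.update.plist" <<'EOF'
<plist><dict><key>ProgramArguments</key><array>
<string>/Users/victim/Library/LaunchAgents/cupsd</string></array></dict></plist>
EOF
}

# On a live Mac: find_suspicious_cupsd "$HOME/Library/LaunchAgents" /Library/LaunchAgents
```

A hit only means a plist points at something named cupsd outside the system path; confirm by inspecting the referenced file before removing anything.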
The payload of the virus also remains unknown, but as with many attacks, there is likely a monetary incentive. An open SSH connection opens a whole world of devious possibilities though, so users will want to get rid of Pintsized as soon as they can.
Unsurprisingly, Intego says their VirusBarrier product picks up the virus. At the time of their writing though, the firm noted XProtect was unable to detect Pintsized.