Printed from http://www.electronista.com

Report: new Trojan aimed at OS X appears, using OpenSSH

updated 04:20 pm EST, Tue February 19, 2013

Not yet spotted 'in the wild' but could become a threat

Anti-malware software maker Intego is confirming reports of a new OS X-based malware it called "Pintsized" that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts, whereupon it could be used to snoop for private owner information. Though not yet seen "in the wild," the malware attempts to disguise itself by using filenames that appear as part of the normal OS X printing system, and sets itself to launch on startup.

The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection, CNet reports. Currently, however, it is simply being discussed as a potential threat on security mailing lists and similar forums. Intego reports that all the network connections made by the Trojan have been sinkholed, so even those machines that have inadvertently used the software are at little, if any, risk.

More details, such as where the attack is coming from and how to disable it should it be on a particular system, are likely to appear before the threat can grow past the "proof of concept" stage. Apple automatically updates Gatekeeper on a routine (but silent) schedule, and will likely close the loophole in due course.

Part of the danger is that the malware is using the common SSH protocol, and that it uses names users might think are legitimate. Companies such as Intego are already working to update their protective measures to keep the malware from spreading. At present, users need to be aware of, but not concerned about, such a threat, and don't yet need to install anti-virus or anti-malware programs or update any they may already have installed.

Those who wish to manually check their systems for any possibility of the malware being present (even though the Trojan's ability to set up a connection has already been thwarted) can consult Intego's blog post for the names of files that could be considered suspicious, along with a manual removal procedure.



By Electronista Staff