Printed from http://www.electronista.com

Report: new Trojan aimed at OS X appears, using OpenSSH

updated 04:20 pm EST, Tue February 19, 2013

Not yet spotted 'in the wild' but could become a threat

Anti-malware software maker Intego is confirming reports of new OS X malware, which it calls "Pintsized," that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts, where it could be used to snoop for the owner's private information. Though not yet seen "in the wild," the malware attempts to disguise itself by using filenames that appear to be part of the normal OS X printing system, and sets itself to launch on startup.

The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection, CNet reports. Currently, however, it is simply being discussed as a potential threat on security mailing lists and similar forums. Intego reports that all the network connections made by the Trojan have been sinkholed, so even machines that have inadvertently used the software are at little, if any, risk.

More details, such as where the attack is coming from and how to disable it should it be on a particular system, are likely to appear before the threat can grow past the "proof of concept" stage. Apple automatically updates Gatekeeper on a routine (but silent) schedule, and will likely close the loophole in due course.

Part of the danger is that the malware uses the common SSH protocol, and that it uses names users might think are legitimate. Companies such as Intego are already working to update their protective measures to stop the malware from spreading. At present, users need to be aware of but not concerned about the threat, and don't yet need to install any anti-virus or anti-malware programs or update any they may have installed.

Those who wish to manually check their systems for any possibility of the malware being present (even though the Trojan's ability to set up a connection has already been thwarted) can consult Intego's blog post for the names of files that could be considered suspicious, along with a manual removal procedure.



By Electronista Staff