Thursday, February 21, 2013
New Mac malware opens secure connection for a remote hacker
Dubbed "Pintsized", the malware uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts.
This backdoor Trojan can be used to conduct distributed denial of service (DDoS) attacks, or it can be used to install additional Trojans or other forms of malicious software.
Since the connection between the hacker and the machine is encrypted, it becomes very hard for the Trojan to be detected or traced. The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection.
The Trojan stays hidden by disguising itself as a file used for networked printers in Mac OS X, and the malware has been traced to that printer-related directory. This tactic conceals the Trojan and makes anyone monitoring the system think that a printer is requesting network access.
Pintsized hasn't been seen in the wild yet, according to security software maker Intego, since the malware still appears to be in a proof-of-concept stage.