Monday, March 11, 2013
New Mac malware bypassed OS X Gatekeeper protection
According to the company, the new Mac malware has already infected the computers of employees at Apple, Facebook, Twitter, and a number of other organizations, including American government institutions. One of the three major U.S. automakers is also reported to be among the victims of the Mac malware.
The Pintsized.A malware represents a new class of malicious Mac programs that use a previously unknown vulnerability in Gatekeeper, the security tool built into Mac OS X. Gatekeeper is designed to monitor installed programs and lock the file system against unauthorized installations. However, the new malware disguises itself as CUPS, the software used on Linux and Mac to manage document printing. A careful Mac user may notice that the pseudo-CUPS tries to install itself on the system in a folder that has no relation to the legitimate CUPS.
Once installed, Pintsized opens a network channel for communication with a remote command server controlled by hackers. To mislead observers, the malware uses a modified version of the OpenSSH utility, and it encrypts its data using SSH, which makes it difficult to detect.
It is known that most copies of Pintsized currently contact the server at corp-aapl.com. Intego said that Facebook network engineers identified suspicious traffic related to resources on the company's internal network. The situation was similar at Twitter and Apple.
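The two observable traits described above (a CUPS-named binary in a folder unrelated to the legitimate CUPS, and lookups of corp-aapl.com) can be turned into a simple triage check. This is an added example, not code from the article or from Intego; the list of legitimate CUPS directories is an assumption about a stock OS X install, and all sample rows are constructed.

```python
import posixpath

# Assumption: directories where a stock OS X install keeps CUPS executables.
LEGIT_CUPS_DIRS = ("/usr/sbin", "/usr/bin", "/usr/libexec/cups")
C2_DOMAIN = "corp-aapl.com"  # server named in the article

def is_cups_lookalike(exe_path):
    """True if the file is named like CUPS but sits outside the expected dirs."""
    path = posixpath.normpath(exe_path)  # collapse ../ tricks before comparing
    if not posixpath.basename(path).lower().startswith("cups"):
        return False
    return not any(path.startswith(d + "/") for d in LEGIT_CUPS_DIRS)

def contacts_c2(hostname):
    """Match the domain or any subdomain, never a mere substring."""
    host = hostname.strip().rstrip(".").lower()
    return host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)

def triage(process_rows, dns_rows):
    """Return (host, reason, evidence) tuples for rows matching either trait."""
    findings = []
    for host, _pid, exe in process_rows:
        if is_cups_lookalike(exe):
            findings.append((host, "cups-lookalike", exe))
    for host, qname in dns_rows:
        if contacts_c2(qname):
            findings.append((host, "c2-lookup", qname))
    return findings

# Constructed sample telemetry: (host, pid, executable path) and (host, DNS query).
SAMPLE_PROCESSES = [
    ("mac-01", 61, "/usr/sbin/cupsd"),
    ("mac-02", 902, "/Users/alice/Library/Printing/cupsd"),
    ("mac-03", 415, "/usr/sbin/../../private/tmp/cupsd"),
    ("mac-04", 77, "/usr/sbin/sshd"),
]
SAMPLE_DNS = [
    ("mac-02", "corp-aapl.com."),
    ("mac-03", "a.CORP-AAPL.com"),
    ("mac-01", "notcorp-aapl.com"),
    ("mac-04", "corp-aapl.com.example.org"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_PROCESSES, SAMPLE_DNS):
        print(finding)
```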
Link: New family of Mac malware masqueraded as printer software