Pintsized Trojan Bypasses Mac’s Gatekeeper Feature


A new malware threat for the Mac has been discovered that can work around OS X's Gatekeeper security feature. The threat, dubbed "Pintsized," can create a secure remote connection to victims' user accounts, and then scour their hard drives for personal information.

Pintsized Trojan bypasses Gatekeeper, but isn't in the wild yet

Luckily, Pintsized hasn't been seen in the wild yet, according to security software maker Intego, since the malware still looks to be in a proof-of-concept stage. The malware's payload is disguised to look like legitimate system files, but it isn't difficult for a trained eye to spot.

"The controller [computer] periodically contacts the infected machine to perform commands. Initiating the contact from outside the affected machine potentially helps it get past firewalls," Intego said in a blog post about the threat. "This part of the threat is comprised of clear text Perl scripts, which means it's fairly easy to spot if someone knows what to look for."

Also, the network points the malware attempts to use for outside connections are currently blocked, so there isn't a way for it to receive commands.

Bypassing Gatekeeper means OS X Lion and Mountain Lion won't flag Pintsized if it's been installed on a victim's computer, which makes the malware harder to detect. Gatekeeper is a system-level feature that helps protect users from Trojan apps attempting to install malware and verifies that trusted apps haven't been altered.

Even though Pintsized isn't actively being used to target Mac users right now, it's still a good idea to practice safe computing by avoiding websites you aren't sure you can trust and by not touching files and installers from unknown sources.

The Mac Observer Spin

Most of the recent potential threats to Mac users have come through alternate avenues such as Java, Flash, and PDF. Pintsized, however, uses a security flaw in OS X, which is a strong reminder that the days where hackers weren't interested in targeting Macs are behind us.

Apple, like so many other companies, is now working to patch security flaws before they become major headaches or public black eyes. It's up to end users to do their part, too, by paying attention to their online activity, making sure they know the source of the software they're installing, and checking to make sure the files they open are legit and really do come from trusted sources.

It's also time to stop gloating over Windows users, even though the number of security threats for their PCs outnumbers by far what Mac users face. We're all in this together regardless of which operating system drives our computers.


Comments

Lee Dronick

“A new malware threat for the Mac has been discovered that can work around OS X’s Gatekeeper security feature.”

Do we still get a prompt to install the app, enter password and all?

“It’s also time to stop gloating over Windows users even though the number of security threats for their PCs outnumbers by far what Mac users face. We’re all in this together regardless of which operating system drives our computers.”

Yes.

Ron McElfresh

“Pintsized hasn’t been seen in the wild yet”

I wonder how Intego found out about Pintsized if it’s not ‘in the wild yet?’

BurmaYank

I know I’m very ignorant about these issues, but still I feel much more trust in the idea that this announcement by Intego is nothing more than (another red-herring) marketing ploy, than in the idea that anything Intego says about Mac security threats is not bogus.

jbruni

Follow the money. There is still not much demand for OS X vulnerabilities. The price for an OS X exploit is only a couple grand, whereas Windows exploits go for orders of magnitude more. Because of this, there is not much incentive for hackers to devote time to researching holes in OS X, except maybe as a hobby.

Hans K Hansen

“It’s also time to stop gloating over Windows users even though the number of security threats for their PCs outnumbers by far what Mac users face. We’re all in this together regardless of which operating system drives our computers.”

Well, yes and no.

Justified this statement about mac and windows users, that they do not account for linux, although it is not mentioned above?

While there is found a few active viruses for both mac and linux, so I think, that it is too early to say so categorically. The very fact that there are approximately one million active virus on the windows, is it without comparison.

Security is extremely important. Yet I find it not inconceivable that many mac and windows users knowledge of linux, is virtually non-existent.

For example, Linux does not use a standard installed administrative account, which seems to be the case on both Mac and Windows, lesser on Macs but still leaving the systems more open than necessary. Root is not active as standard on Macs but still with global rights.

There is a big difference in how Linux and the two others handle threats, just as there are differences in how Apple and Microsoft do the same, even that Apple doesn’t quite seem to understand this issue as well.

However, Windows is still the craziest system the world has seen ever, absolutely nothing to mimic according to security, and is probably only used because ordinary people do not understand computing at all.

Thank You
