A new malware threat for the Mac has been discovered that can work around OS X's Gatekeeper security feature. The threat, dubbed "Pintsized," can create a secure remote connection to victims' user accounts and then scour their hard drives for personal information.
Pintsized Trojan bypasses Gatekeeper, but isn't in the wild yet
Luckily, Pintsized hasn't been seen in the wild yet, according to security software maker Intego, since the malware looks to still be in a proof of concept stage. The malware's payload is disguised to look like legit system files, but isn't difficult for a trained eye to spot.
"The controller [computer] periodically contacts the infected machine to perform commands. Initiating the contact from outside the affected machine potentially helps it get past firewalls," Intego said in a blog post about the threat. "This part of the threat is comprised of clear text Perl scripts, which means it's fairly easy to spot if someone knows what to look for."
Also, the network points the malware attempts to use for outside connections are currently blocked, so there isn't a way for it to receive commands.
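Intego's point that the clear-text Perl scripts are easy to spot once you know what to look for can be turned into a simple check. The shell function below is an added example, not code from the article or from Intego: it walks a directory and reports files whose contents are Perl source even though their names give no hint of it. The directory layout and file names in the sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article or Intego's analysis).
# Report files under "$1" that are Perl source but whose name does not
# say so: a Perl shebang, or a "use Module;" line near the top, in a
# file that is not named *.pl. Lookalike "system" files that are really
# plain-text scripts show up here; genuine plists and shell scripts do not.
find_hidden_perl() {
  dir="$1"
  find "$dir" -type f ! -name '*.pl' -print | while IFS= read -r f; do
    if head -n 1 "$f" 2>/dev/null | grep -Eq '^#!.*perl' \
       || head -n 20 "$f" 2>/dev/null | grep -Eq '^[[:space:]]*use [A-Za-z:]+;'; then
      printf '%s\n' "$f"
    fi
  done
}

# Constructed sample tree so the check runs offline. The file names are
# made up; the first one mimics a system-looking name but holds Perl code.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/Library/LaunchAgents"
  printf '#!/usr/bin/perl\nuse IO::Socket;\n' \
    > "$d/Library/LaunchAgents/com.example.system.update"
  printf '<?xml version="1.0"?>\n<plist version="1.0"></plist>\n' \
    > "$d/Library/LaunchAgents/com.example.real.plist"
  printf '#!/bin/sh\necho hello\n' > "$d/helper.sh"
  printf '#!/usr/bin/perl\nprint 1;\n' > "$d/obvious.pl"
  printf '%s\n' "$d"
}
```

Run it as `find_hidden_perl /Library/LaunchAgents` (or any directory you want to sweep); only files that hide Perl behind a non-Perl name are printed.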
Bypassing Gatekeeper means OS X Lion and Mountain Lion won't flag Pintsized when it's installed on a victim's computer, which makes the malware harder to detect. Gatekeeper is a system-level feature that helps protect users from Trojan apps attempting to install malware and verifies that trusted apps haven't been altered.
Even though Pintsized isn't actively being used to target Mac users right now, it's still a good idea to practice safe computing: avoid websites you aren't sure you can trust, and don't touch files and installers from unknown sources.