toggle

AAPL Stock: 116.31 ( + 1.64 )

Printed from http://www.macnn.com

Report: new Trojan aimed at OS X appears, using OpenSSH

updated 04:20 pm EST, Tue February 19, 2013

Not yet spotted 'in the wild' but could become a threat

Anti-malware software maker Intego is confirming reports of a new OS X-based malware it called "Pintsized" that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts, whereupon it could be used to snoop for private owner information. Though not yet seen "in the wild," the malware attempts to disguise itself by using filenames that appear as part of the normal OS X printing system, and sets itself to launch on startup.

The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection, CNet reports. Currently, however, it is simply being discussed as a potential threat on security mailing lists and similar forums. Intego reports that all the network connections made by the Trojan have been sinkholed, so even those machines that have inadvertently used the software are not at much if any risk.

More details, such as where the attack is coming from and how to disable it should it be on a particular system, are likely to appear before the threat can grow past the "proof of concept" stage. Apple automatically updates Gatekeeper on a routine (but silent) schedule, and will likely close the loophole in due course.

Part of the danger is that the malware is using the common SSH protocol, and that it uses names users might think are legitimate. Companies such as Intego are already working to update their preventative measures to prevent the malware from spreading. At present, users need to be aware but not concerned about such a threat, and don't yet need to update or install any anti-virus or anti-malware programs they may have installed.

Those who wish to manually check their systems for any possibility of the malware being present (even though the Trojan's ability to set up a connection has already been thwarted) can consult Intego's blog post for the names of files that could be considered suspicious, along with a manual removal procedure.




by MacNN Staff

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

MaxUpgrades 512GB Retina MacBook Pro SSD

Apple's Retina line of MacBook Pro notebooks have been impressive, right from their debut in 2012. Thinner than the previous model, t ...

Lemur BlueDriver

"Oh no, the check engine light is on…again! What one of the hundreds of reasons could it be this time? Probably going to cost a for ...

toggle

Most Commented