Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Mac News > Report: new Trojan aimed at OS X appears, using OpenSSH

Report: new Trojan aimed at OS X appears, using OpenSSH
Thread Tools
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Feb 19, 2013, 04:28 PM
 
Anti-malware software maker Intego is confirming reports of a new OS X-based malware it called "Pintsized" that uses a modified version of OpenSSH to potentially set up a remote connection into Mac accounts, whereupon it could be used to snoop for private owner information. Though not yet seen "in the wild," the malware attempts to disguise itself by using filenames that appear as part of the normal OS X printing system, and sets itself to launch on startup.

The threat has the potential to become serious, as it uses an exploit in OS X to bypass Gatekeeper and establish a reverse shell that creates a secure connection, CNet reports. Currently, however, it is simply being discussed as a potential threat on security mailing lists and similar forums. Intego reports that all the network connections made by the Trojan have been sinkholed, so even those machines that have inadvertently used the software are not at much if any risk. More details, such as where the attack is coming from and how to disable it should it be on a particular system, are likely to appear before the threat can grow past the "proof of concept" stage. Apple automatically updates Gatekeeper on a routine (but silent) schedule, and will likely close the loophole in due course. Part of the danger is that the malware is using the common SSH protocol, and that it uses names users might think are legitimate. Companies such as Intego are already working to update their preventative measures to prevent the malware from spreading. At present, users need to be aware but not concerned about such a threat, and don't yet need to update or install any anti-virus or anti-malware programs they may have installed. Those who wish to manually check their systems for any possibility of the malware being present (even though the Trojan's ability to set up a connection has already been thwarted) can consult Intego's blog post for the names of files that could be considered suspicious, along with a manual removal procedure.
     
   
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Top
Privacy Policy
All times are GMT -4. The time now is 05:29 AM.
All contents of these forums © 1995-2014 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2014, Jelsoft Enterprises Ltd., Content Relevant URLs by vBSEO 3.3.2