'Pintsized' Malware Slips by Fortified Gatekeeper Security to Attack Apple Mac OS X Users

It is no secret that most malware developed today is built to attack PCs running Windows, because of both its vulnerabilities and its large user base. Apple developers and users have long enjoyed this reality and, feeling invincible, all but continue to taunt their peers. As a result, any warning or mention of malware security is often scoffed at by Apple users, who argue their platform is untouchable and free of common malware threats. But life evolves and things change, including Apple's PC market share, which today nearly equals that of its rival, Microsoft, thanks to the iPad, making them an even

All technology users need to understand that cybercrime is a billion-dollar industry and, more important, evil is not biased. Cybercrooks do not care whom they hurt and constantly seek new victims and new ways to cheat them out of money. Whether the draw is its growing user base or the mere challenge of penetrating its defenses, security researchers are seeing more and more malware created specifically to take a bite out of Apple.

A new beast, a backdoor Trojan named Pintsized, successfully attacked Apple's Lion systems (OS X Mountain Lion and Mac OS X Lion) after slipping past Gatekeeper. Gatekeeper is Apple's fortified anti-malware security feature; it builds on the existing malware checks by restricting where downloads and apps may be sourced from. Users choose among three security levels: Mac App Store (default); Mac App Store and identified developers; Anywhere.

It is believed Pintsized relies on an exploit to bypass Gatekeeper; which one is not yet known. Once inside, it sets up a reverse shell so that the controller can periodically communicate with the infected machine rather than the other way round, which helps it get past firewalls. Thankfully, the commands are written as Perl scripts and so are easily identifiable, at least for the technically savvy. Pintsized uses several obfuscation tricks: a modified version of SSH to create a secure connection; disguising its files as printing-related files and hiding them in the corresponding directory; and an RSA key to communicate with its C&C (command-and-control) server. Pintsized is set to run each time the user logs in and operates from a plist (property list) entry so that it is always running in the background.
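The persistence traits described above (a launchd property list that runs at every login, stays alive in the background and starts a Perl script) are exactly what a defender can audit for. The following script is an added example written for this article, not code from the article or from any vendor: it parses launchd plists with Python's standard `plistlib`, flags items that launch a script interpreter, are set to run at load or be kept alive, or point at scripts in hidden or temporary paths, and can walk the real LaunchAgents/LaunchDaemons folders on a Mac. The two sample plists, the label `com.example.cupsd-helper` and the path under `.printers` are constructed for illustration and are not indicators from the article.

```python
"""Audit launchd property lists for Pintsized-style persistence traits.

Added example (not from the article). Sample plists below are constructed.
"""
import os
import plistlib
from pathlib import Path

# Interpreters that a desktop launch item rarely needs to start directly.
SCRIPT_INTERPRETERS = {"perl", "python", "python3", "ruby", "sh", "bash", "zsh", "osascript"}

# Locations launchd reads at login/boot; scanned by scan_launch_dirs().
LAUNCH_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]

# Constructed benign item: a binary run on a timer, nothing unusual.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/usr/local/bin/updater</string><string>--check</string></array>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>""".strip()

# Constructed suspicious item: perl script in a hidden "printers" folder,
# started at every login and restarted if it exits (hypothetical names).
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.cupsd-helper</string>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/bin/perl</string>
    <string>/Users/demo/Library/.printers/agent.pl</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>""".strip()


def audit_launch_item(plist_bytes: bytes) -> list:
    """Return human-readable findings for one launchd plist (empty list = nothing notable)."""
    findings = []
    try:
        item = plistlib.loads(plist_bytes)
    except Exception as exc:  # a malformed plist in a launch folder is itself worth a look
        return [f"unparseable plist: {exc}"]

    args = [str(a) for a in (item.get("ProgramArguments") or [])]
    program = str(item.get("Program") or (args[0] if args else ""))
    exe = os.path.basename(program)
    if exe in SCRIPT_INTERPRETERS:
        findings.append(f"launches script interpreter: {exe}")
    if item.get("RunAtLoad"):
        findings.append("RunAtLoad: starts at every login")
    if item.get("KeepAlive"):
        findings.append("KeepAlive: launchd restarts it if it exits")
    # Script paths under hidden (dot) directories or temp folders are a common hiding spot.
    for arg in args[1:]:
        if "/." in arg or arg.startswith(("/tmp", "/var/tmp", "/private/tmp")):
            findings.append(f"script in hidden or temp path: {arg}")
    return findings


def scan_launch_dirs(dirs=LAUNCH_DIRS) -> dict:
    """Audit every *.plist in the given folders; map path -> findings (only items with findings)."""
    report = {}
    for folder in dirs:
        if not folder.is_dir():
            continue
        for plist_path in sorted(folder.glob("*.plist")):
            try:
                findings = audit_launch_item(plist_path.read_bytes())
            except OSError as exc:
                findings = [f"unreadable: {exc}"]
            if findings:
                report[str(plist_path)] = findings
    return report


if __name__ == "__main__":
    print("benign sample:", audit_launch_item(BENIGN_PLIST))
    print("suspicious sample:", audit_launch_item(SUSPICIOUS_PLIST))
    for path, findings in scan_launch_dirs().items():
        print(path)
        for f in findings:
            print("   -", f)
```

Run it on a Mac and it prints the two sample verdicts followed by any real launch items that match; a finding is a prompt to inspect the item, not proof of infection, since legitimate agents do use `RunAtLoad` and `KeepAlive`. The combination of an interpreter, a hidden script path and both persistence flags is what should stand out.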

The maker of Pintsized is relying on the boastful arrogance of Apple users, especially those unaware that their Gatekeeper has fallen asleep on the job. Without a proper alert, the intrusion will stay under the radar, so you may not realize that your system has been robbed of vital data or turned into a zombie that can be used in a DNS strike. To give yourself peace of mind, do a clean sweep with a formidable opponent of Pintsized and other malware created for Apple systems, as there are more on the prowl than you think.

Apple users can no longer ignore the threat and the ongoing cybercrime war that puts computer users' data and system resources at risk. Many of the same precautions recommended to Windows and other operating system users battling malware apply to Apple users, including those who have shifted to a mobile or smartphone platform.