“Pintsized” is the name of a new Mac malware threat discovered in the last week of February 2013. Fortunately, the malware has not yet spread widely; however, it is genuinely dangerous and can compromise your sensitive data and files.
How this malware works:
Pintsized uses a modified version of OpenSSH and exploits a flaw in OS X Lion and Mountain Lion to bypass Gatekeeper (a system-level feature that helps protect users from Trojan apps attempting to install malware) and establish a reverse shell, an encrypted connection opened from the victim’s computer back to the attacker. Because the connection between the attacker and the compromised Mac is encrypted, the malware is very hard to detect or trace.
How to detect the threat:
The malware stays hidden by disguising itself as a file that Mac OS X uses for networked printers. This tactic conceals the malware and makes anyone monitoring the system think it is simply a printer seeking access to the network.
How to prevent infection:
No matter which operating system you use, the answer is always the same. Put safe computing rules into practice, such as:
- Avoid websites you don’t know or are unsure you can trust
- Do not accept files from unknown sources
- Do not open or run files and installers from unknown sources
Apple is now working to patch security flaws before they become major headaches, but we need to do our part too: by paying attention to what we are doing, making sure we know the source of the software we are installing, and checking that the files we are about to open are legitimate and really do come from trusted sources or contacts.
You can find the list of security updates for Apple products here:
The published list of malicious file names, as they were reported, includes:
Cupsd (Mach-O binary)
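The detection hint above (a fake “printer” file) and the reported file name cupsd suggest a simple triage for Mac administrators. The script below is an added example, not part of the original post; it assumes the genuine daemon is /usr/sbin/cupsd, that it is Apple-signed and only serves IPP on port 631, and that `lsof -i -n -P` prints connections in the format shown in the constructed sample.

```shell
#!/bin/sh
# Triage helper for a "cupsd" impostor on macOS. Assumptions (not from the post):
# the genuine daemon is /usr/sbin/cupsd, Apple-signed, and only serves IPP on
# port 631; a reverse shell shows up as an ESTABLISHED connection from a
# "cupsd" process to a non-loopback host.
GENUINE_CUPSD=/usr/sbin/cupsd

# Read `lsof -i -n -P` output on stdin; print the PID of every cupsd process
# that holds an established connection to a remote (non-loopback) address.
flag_cupsd_outbound() {
    awk '$1 == "cupsd" && $NF == "(ESTABLISHED)" {
            # NAME field looks like 10.0.0.5:49321->203.0.113.10:443
            split($(NF-1), ep, "->")
            sub(/:[0-9]+$/, "", ep[2])          # strip the remote port
            if (ep[2] !~ /^127\./ && ep[2] != "[::1]") print $2
        }'
}

# Constructed sample in lsof format: a legitimate local IPP listener, a local
# print job, a cupsd-named process phoning home, and an unrelated sshd.
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 123 root 6u IPv4 0x1 0t0 TCP 127.0.0.1:631 (LISTEN)
cupsd 123 root 7u IPv4 0x2 0t0 TCP 127.0.0.1:631->127.0.0.1:50000 (ESTABLISHED)
cupsd 4711 root 3u IPv4 0x3 0t0 TCP 10.0.0.5:49321->203.0.113.10:443 (ESTABLISHED)
sshd 99 root 4u IPv4 0x4 0t0 TCP 10.0.0.5:22->10.0.0.9:5555 (ESTABLISHED)'

# Live checks for a Mac: executable path, code signature, network peers.
check_live() {
    for pid in $(pgrep -x cupsd); do
        path=$(ps -o comm= -p "$pid")       # assumption: comm shows the full path
        [ "$path" = "$GENUINE_CUPSD" ] || echo "WARN: pid $pid runs cupsd from $path"
    done
    codesign --verify "$GENUINE_CUPSD" 2>/dev/null ||
        echo "WARN: $GENUINE_CUPSD fails code-signature verification"
    lsof -i -n -P 2>/dev/null | flag_cupsd_outbound | while read -r pid; do
        echo "WARN: cupsd pid $pid has an outbound connection"
    done
}

# Offline demo on the constructed sample (prints 4711); live checks on macOS only.
printf '%s\n' "$SAMPLE_LSOF" | flag_cupsd_outbound
if [ "$(uname)" = Darwin ]; then check_live; fi
```

A hit from `flag_cupsd_outbound` is a lead for investigation, not proof: a print job to a network printer is also a remote connection, so confirm the executable path and signature before acting.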