Blog

Rahul Thadani
Latest Mac malware on the rise, hides in networked printer directory
February 20, 2013

Apple MacBook

A new variant of Mac malware has been discovered and it is beginning to spread to Apple Macs through the networked printer file directory. The malware is a kind of ‘Backdoor Trojan’ and some sources have named this Trojan ‘Pintsized’. Apple Mac OS X is afflicted by this malware but as of now, the extent of the damage caused is unknown.

A backdoor Trojan, as the name suggests, cleverly enters a machine by pretending to be a legitimate file or program. Once inside, such a Trojan provides an open channel of access to a remote hacker. The hacker then enters and controls the system to cause havoc.

This latest Trojan ‘Pintsized’ stays hidden by disguising itself as a file that is used for networked printers in Mac OS X. The location of the malware has been traced to this particular directory. This tactic conceals the Trojan and makes a monitor think that a printer is seeking access to the network.

Once the Trojan infiltrates a machine it creates a secure connection between the machine and a remote control center. Once a hacker gains remote access, he can collect vital information. He can also direct commands towards the machine and manipulate it to fulfill these commands.

Mac OS X Snow Leopard

Since the connection between the hacker and the machine is encrypted, it becomes very hard for the Trojan to be detected or traced. This encrypted network connection also escapes the detection from Gatekeeper, Apple’s default malware scanner. Gatekeeper prevents the installation of malware on a Mac through a digital signature system.

Since this is a targeted attack where the victim has already been profiled before (like in a watering hole attack), the remote hacker already knows when a machine is compromised. So he directly sends executable commands to the machine rather than receiving notifications to announce that a machine has been infected.

It is believed that this is a targeted attack that may have been potentially dropped by an exploit. Since the target has already been profiled (via a watering hole attack) the controller contacts the machine to perform commands. This is done rather than a notification that reaches the controller to announce that the machine is infected.

We will provide updates about this backdoor Trojan as more information is gathered. We also recommend Quick Heal Total Security for Mac to secure Apple Macs. This security solution for Mac provides real-time threat protection and prevention in a simple manner which does not hamper performance.

Have something to add to this story? Share it in the comments.

Rahul Thadani
About Rahul Thadani
Rahul is a web enthusiast and blogger, and has been writing about the computer security industry for the last three years. Following the latest technology trends,...
Articles by Rahul Thadani »

2 Comments

Your email address will not be published.

CAPTCHA Image

  1. Thanks rahul for updating us with this new malware on MAc

    Reply