New Trojan Targets Macs, Apple’s XProtect Doesn’t Detect It
Intego says the “pint-sized” backdoor is an efficient threat, albeit a minor one
Mac security firm Intego reports on the emergence of a new Trojan targeting Macs. The “pint-sized” malware, although minor, is fairly efficient, according to the security company based in Austin, Texas.“A new backdoor which affects OS X has been announced to an AV industry mailing list. Details are fairly limited right now, and the components we have indicate a fairly small, simplistic but efficient threat,” Intego reports.
“It’s believed that this was a targeted attack, perhaps dropped by an exploit. At the time of writing, all of the network components have been sinkholed so it’s unable to receive commands.”
From what Intego was able to gather, the threat starts with an exploit that gets it past Gatekeeper, a security implementation from Apple.
The second part of the threat comes in when “the binary component uses a modified version of existing tools (namely OpenSSH 6.0p1) for creating a secure connection to encrypt the traffic so that it is much better hidden,” according to Intego.
“The threat encrypts traffic with the command and control channel by use of an RSA key,” says the firm.
Intego’s VirusBarrier will detect the backdoor as OSX/Pintsized.A, so long as its virus definitions have been updated.
Intego points out that Apple’s XProtect anti-malware mechanism in OS X didn't protect against the threat at the time of their reporting.
Apple has been a hot target for malware as of late.
A breaking report from Reuters yesterday revealed that Apple’s own Macs had been breached by hackers. The group was said to be the same one which attacked Facebook recently.
In response to the attack, Apple quickly released updates that patched the exploited vulnerabilities on all Macintosh computers around the world. More information on the attack and the subsequent patching can be found in the links below.
Hackers Penetrate Apple’s Own Macs
Apple Puts OS X Malware Removal Tool in Java Updates
Oracle Updates February CPU, Fixes 5 Additional Java Vulnerabilities
Apple Hacked by Same Cybercriminals Who Breached Facebook and Twitter