Mac malware that infected Facebook bypassed OS X Gatekeeper protection

м¢ℓσνιη

Source: Mac malware that infected Facebook bypassed OS X Gatekeeper protection
New family of Mac malware masqueraded as printer software.

VirusTotal: Pintsized

Researchers have identified the Mac malware that infected employees of Apple, Facebook, and Twitter, and say it may have been used to compromise machines in other US organizations, including auto manufacturers, government agencies, and a leading candy maker, according to a published report.

Pintsized.A is a new family of Mac malware that uses an exploit to bypass Gatekeeper, an OS X protection that allows end users to tightly control which sources are permitted to install apps, according to an article published Monday by The Security Ledger. Mac antivirus provider Intego says the trojan masquerades on infected machines as Linux printing software known as cupsd, although it runs from a different location than the legitimate title. It's unclear exactly how the malware gets around Gatekeeper.

Related: About Gatekeeper

Gatekeeper is a new feature in Mountain Lion and OS X Lion v10.7.5 that builds on OS X's existing malware checks to help protect your Mac from malware and misbehaving apps downloaded from the Internet.
 
Gatekeeper would not protect from a simple wget request... lol. It would protect from a .dmg or an .app being downloaded online. Apple is honestly pretty oblivious to the fact that they are not the only ones who know their way around the computer.

I'm sure the bypass is just something with Java that makes your machine send a wget request to download and execute their trojan.


BTW, thanks for showing me this post. I now have something to keep me occupied for the next few days :)
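Two things in this thread are worth checking on a box you suspect: a cupsd that is not the stock daemon (the article's "runs from a different location than the legitimate title"), and executables that carry no com.apple.quarantine attribute, which is exactly why a file fetched by wget or curl never meets Gatekeeper. The script below is an added example for this thread, not Intego's, Apple's or the poster's code. It assumes the legitimate CUPS daemon lives at /usr/sbin/cupsd on a stock OS X install, and that the quarantine attribute has the form flags;timestamp;agent;uuid as written by quarantine-aware downloaders such as Safari. The process listing and the impostor path /Users/alice/.cups/cupsd are constructed sample data, not Pintsized's real drop location.

```python
"""Hunt for a cupsd impostor and for files Gatekeeper would never see.

Added example, not code from the article or the thread. Assumptions:
  - stock cupsd path is /usr/sbin/cupsd (LEGIT_CUPSD, treat as tunable);
  - com.apple.quarantine values look like "flags;timestamp;agent;uuid".
"""
import os
import shlex
import subprocess
from dataclasses import dataclass

LEGIT_CUPSD = "/usr/sbin/cupsd"  # assumption: stock OS X location

# Constructed sample in the shape of `ps -axo pid=,user=,command=`.
# The second cupsd is the kind of impostor the article describes:
# same name, different location (path is made up for the example).
SAMPLE_PS = """\
   82 root /usr/sbin/cupsd -l
  612 alice /Users/alice/.cups/cupsd
  777 alice /Applications/Safari.app/Contents/MacOS/Safari
"""


@dataclass
class Proc:
    pid: int
    user: str
    path: str  # executable path, arguments stripped


def parse_ps(text):
    """Turn pid/user/command lines into Proc records."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # blank or malformed line
        pid, user, cmd = parts
        path = shlex.split(cmd)[0]  # first token is the executable
        procs.append(Proc(int(pid), user, path))
    return procs


def find_cupsd_impostors(procs, legit=LEGIT_CUPSD):
    """Every process called cupsd that is not running from the stock path."""
    return [p for p in procs
            if os.path.basename(p.path) == "cupsd" and p.path != legit]


def parse_quarantine(value):
    """Split a com.apple.quarantine value into its fields.

    flags and timestamp are hex; agent is the downloading app; uuid ties
    the file to a LaunchServices quarantine-events record.
    """
    fields = value.split(";")
    if len(fields) < 4:
        raise ValueError("unexpected quarantine attribute: %r" % value)
    flags, ts, agent, uid = fields[:4]
    return {
        "flags": int(flags, 16),
        "downloaded_at": int(ts, 16),  # seconds since the Unix epoch
        "agent": agent,
        "uuid": uid,
    }


def gatekeeper_applies(xattrs):
    """Gatekeeper only assesses files carrying the quarantine attribute.

    A binary written by wget/curl, or dropped by an already-running process,
    has no such attribute and is launched without any Gatekeeper check.
    """
    return "com.apple.quarantine" in xattrs


def live_quarantine(path):
    """Read the real attribute on a Mac with the xattr(1) tool; None if unset.

    Not used by the offline demo; os.getxattr is Linux-only, hence the CLI.
    """
    res = subprocess.run(["xattr", "-p", "com.apple.quarantine", path],
                         capture_output=True, text=True)
    return res.stdout.strip() if res.returncode == 0 else None


if __name__ == "__main__":
    for p in find_cupsd_impostors(parse_ps(SAMPLE_PS)):
        print("cupsd impostor: pid %d user %s path %s" % (p.pid, p.user, p.path))
    sample = "0081;5d8e1f8a;Safari;6A9F3C2E-1B4D-4E5F-8A7B-9C0D1E2F3A4B"
    print("quarantine fields:", parse_quarantine(sample))
    print("wget download checked by Gatekeeper?", gatekeeper_applies({}))
```

On a live Mac, replace SAMPLE_PS with the output of `ps -axo pid=,user=,command=` and call live_quarantine() on any executable you find outside the usual system paths; a missing attribute on a recently written binary is the signal the poster is talking about.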
 