Remember that hack marathon earlier this year that saw Apple, Facebook, Twitter, and Microsoft compromised? Yeah, well, the breach occurred courtesy of infected Macs. And now researchers have identified the malware that infected those Macs: ‘Pintsized.A’.
Pintsized.A is a new trojan that specifically targets Mac OS X. It isn’t entirely clear how it works, but it is known that Pintsized.A bypasses Gatekeeper, a security tool Apple introduced in OS X Lion v10.5.7 that blocks the installation of programs that have been modified or don’t have a valid ‘Developer ID’. Once past Gatekeeper, Pintsized.A opens a connection to the mothership (aka the command and control server) and encrypts that connection so the communication is harder to detect. Once the connection has been established, the scumbags behind the malware have remote access to and control over the infected machines.
An interesting discovery made by security researchers regarding Pintsized.A is that it used unrelated third-party websites to spread the trojan. Various third-party websites, including the already known iphonedevsdk.com, were booby-trapped with the trojan without the knowledge of the website owners. However, as ArsTechnica points out, what is even more interesting is that the booby-trapped websites only infected certain types of people/machines: not all Mac visitors were hit with the trojan. It isn’t yet known why or how this happened, but smart geeks are looking into it.