New mac malware opens secure act new mac malware opens secure search new mac malware opens secure access new mac malware opens securepak new mac malware opensea new mac malware openstreetmap new mac malware openshot new mac malware openstax new mac pro
New Mac malware opens secure reverse shell
A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information.
The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation of OpenSSH to set up a reverse shell that creates a secure connection to a remote server.
The use of an encrypted connection makes it more difficult to detect and trace, especially since it uses the common SSH protocol. In addition, the malware attempts to hide itself by disguising its files to look like components of the OS X printing system, specifically the following:
com.apple.cocoa.plist
cupsd (Mach-O binary)
com.apple.cupsd.plist
com.apple.cups.plist
com.apple.env.plist
Intego does not state where these files are placed in the OS, but as with prior malware in OS X this requires an option to automatically launch the malware whenever the system is started or when a user logs in, which in OS X is the various launch agent directories in the system. Launch agents use a property list (plist) structure, and can be used to target a binary executable (such as the mentioned "cupsd" one above) to keep it always running on the system.
Therefore, to check for this malware, open the following directories in the system to check for the presence of any of the above files:
/System/Library/LaunchDaemons
/System/Library/LaunchAgents
/Library/LaunchDaemons
/Library/LaunchAgents
~/Library/LaunchAgents
NOTE: You can highlight each folder path above individually, right-click the selection, and choose "Open" from the Services contextual submenu to open it in the Finder.
Because malware developers use these folders as a means of running their malware in OS X, one easy way to detect any misuse of them is to set up an alert that will notify you whenever files are added to them. I outlined how to do this with tools and services that are included in OS X, and the Luxembourg CIRCL subsequently developed a standalone installer that sets up a similar monitoring routine.
In addition to monitoring these folders, you can also install a reverse firewall like Little Snitch, which will notify you whenever a program attempts to make a connection to a remote server.
Currently it is unknown how the malware initiates its attack, whether it uses a previously documented vulnerability or one that is yet to be disclosed; however, the malware is not known to be widespread and is primarily being discussed on various security mailing lists. Nevertheless, by checking for the presence of the above files in the system's Launch Agent and Launch Daemon folders you should be able to determine if your system is free of it.
Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.
Source
Blog Archive
-
▼
2022
(227)
-
▼
November
(54)
- Apple's New 2021 IPad Pro: What To Expect From App...
- Ditch Those Dragging Download Speeds With $80 Off ...
- New Mac Malware Opens Secure Reverse Shell
- LG Pledges Three Years Of Android Software Updates...
- The Ultralight Asus ExpertBook B9450 Has A Magic T...
- Best Smart TV For 2022: Top Picks In Every Budget ...
- 4K And 8K TV Refresh Rates From 60hz To 120Hz: Eve...
- Galaxy Z Flip 3 Deal: Save Up To $750 Off A Custom...
- William Jackson Harper Rap Battled Lin-Manuel Mira...
- Google Pixel 3 XL Leak Shows USB-C Headphones And ...
- Apple Reportedly Faces Further EU Antitrust Charge...
- Lamborghini's New Urus Performante Ups The SUV Ant...
- Perinatal Depression: What It Is And How To Cope
- Laptop Buying Guide
- At CES 2022, AMD Hit All The Gaming Targets
- Christie's Auctioning Off NFT Of First Wikipedia Edit
- The Ethereum Merge Explained
- Alexa With Better Audio? At CES, Lenovo Introduces...
- This Is Bearsun, An Instagram Teddy Bear Walking 4...
- Keep Your Floors Clean With $200 Off The Roborock ...
- Oppo R7s Review: Sleek And Stylish, But Not Worth ...
- Samsung's Galaxy Watch 4 Could Be A Peek At The Fu...
- LimeWire Will Be Resurrected As NFT Marketplace
- What Is Net Metering And How Does It Work?
- When Is Android 12 Coming To Your Phone? Everythin...
- Our Favorite Bond Gadgets: Car Submarines, Camera ...
- Anycubic Kobra Review: The Everybody 3D Printer
- FCC Commissioner Wants TikTok Pulled From Apple, G...
- Best TVs To Give For The Holidays 2021
- Scammers Are Using Google Ads To Target Students S...
- 5 Unexpected Places To Put Your Apple AirTags
- Galaxy S20 Vs. S20 Ultra Vs. S20 Plus: Who Should ...
- Use Your Nightly Shower To Get Better Sleep
- Samsung Made The Galaxy Book 2 Lineup Feel More Pro
- WhatsApp Adds A Touch Of Snapchat With 'Status' Fe...
- Windows 10: Customize Your Taskbar To Get The Late...
- Pixel 6 Is A Major Upgrade: A First Look At Google...
- TikTok Videos Can Now Be Up To 10 Minutes Long
- Halloween 2019: Last-minute Costumes You Can Get O...
- Restore Gmail Contacts You've Deleted By Mistake W...
- Review: Wyze Night Lights Are As Basic As It Gets ...
- CES 2021: Lenovo ThinkBook Plus Gen 2 I Laptop Has...
- Spring Into Action With This Storage Event At Bed ...
- Lenovo Miix 520 Review: A Surface Pro Clone With A...
- The IPhone SE, Not The Mini, May Be The Future Of ...
- IOS 16: Rumors Are Flying As Apple's WWDC Conferen...
- 'Ms. Marvel' Star Iman Vellani Got Cast On Her Las...
- Apple Kills $999 MacBook Air And 12-inch MacBook
- 9 Great Reads From CNET This Week: COP26, Star War...
- Motorola One 5G Costs $445 And Will Have You Sayin...
- Apple's Swift Playgrounds 4 Lets Programmers Submi...
- Tiny Robot Crab Army Could Assist With Surgeries O...
- Google's New Wallet App Is Available Globally, Rep...
- Hear James Webb Telescope Images Translated Into E...
-
▼
November
(54)
Total Pageviews
Search This Blog
Popular Posts
-
Carta de motivação academica wayne, carta de motivação academica charter, carta de motivação academica virtual education, carta de motivação...
-
Ukuran hp samsung galaxy j1 ace neo, ukuran hp samsung galaxy j1 ace specifications, ukuran hp samsung galaxy j1 ace software, ukuran hp sam...
-
Contoh soalan fizik spm 2019, contoh soalan fizik spm 2018, contoh soalan fizik spm 2017, contoh soalan fizik kertas 3, contoh soalan fizik ...