New family of Mac malware masqueraded as printer software.
Researchers have identified the Mac malware that infected employees of Apple, Facebook, and Twitter, and say it may have been used to compromise machines in other US organizations, including auto manufacturers, government agencies, and a leading candy maker, according to a published report.
Pintsized.A is a new family of Mac malware that uses an exploit to bypass Gatekeeper, an OS X protection that allows end users to tightly control which sources are permitted to install apps, according to an article published Monday by The Security Ledger. Mac antivirus provider Intego says the trojan masquerades on infected machines as Linux printing software known as cupsd, although it runs from a different location than the legitimate title. It's unclear exactly how the malware gets around Gatekeeper.
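The masquerade described above, a process carrying a trusted daemon name but running from the wrong location, can be checked for directly. The following is an added example, not code from Intego or The Security Ledger; it assumes the standard OS X locations for the listed daemons (`/usr/sbin/cupsd` for the legitimate CUPS scheduler), and the process listing and its paths are constructed for illustration, since the report does not give the malware's actual path.

```python
import posixpath

# Expected on-disk locations for a few OS X system daemons (assumed
# baseline; extend it from a known-good machine).
EXPECTED_PATHS = {
    "cupsd": "/usr/sbin/cupsd",
    "sshd": "/usr/sbin/sshd",
    "launchd": "/sbin/launchd",
}

# Constructed sample in the shape of `ps -axo pid=,comm=` output.
SAMPLE_PS = """\
    1 /sbin/launchd
  214 /usr/sbin/cupsd
  733 /Users/alice/Library/Application Support/cupsd
  801 /Applications/Safari.app/Contents/MacOS/Safari
  902 cupsd
"""


def find_masquerades(ps_output, expected=EXPECTED_PATHS):
    """Return (pid, path, expected_path) for trusted names run from elsewhere."""
    hits = []
    for line in ps_output.splitlines():
        # Split once only: the executable path itself may contain spaces.
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or not parts[0].isdigit():
            continue
        pid, path = int(parts[0]), parts[1].strip()
        want = expected.get(posixpath.basename(path))
        # normpath collapses forms such as /usr/sbin/../sbin/cupsd first,
        # so an odd spelling of the legitimate path is not reported.
        if want is not None and posixpath.normpath(path) != want:
            hits.append((pid, path, want))
    return hits


if __name__ == "__main__":
    for pid, path, want in find_masquerades(SAMPLE_PS):
        print(f"pid {pid}: {path!r} uses a system daemon name, expected {want}")
```

A name-and-path match is only a first filter; a flagged process still needs its code signature and file hash checked before any conclusion is drawn.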
The Security Ledger brought to light several other new revelations about the attacks. For one, attackers used a variety of third-party websites to infect employees who frequented pages on a range of topics, including the development of applications for Google's Android operating system. Previously, only iphonedevsdk.com, a website for iPhone developers, had been identified as being compromised. Also of interest, that site was booby-trapped in such a way that it attacked some visitors and not others. Investigators are still working out exactly what caused the selective exploitation and how specific targets may have been chosen.