
'Pintsized' malware bypassed Gatekeeper to affect tech companies

Gatekeeper exploit in part adds to debate over the necessity of security software for OS X.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

New findings show that the recent malware attack affecting employees of Facebook, Apple, and Twitter succeeded in part by bypassing Apple's Gatekeeper security system in OS X.

Gatekeeper is a new technology in OS X Mountain Lion that allows programs to execute only if they are properly signed or come from the Mac App Store. It works by having the system block execution and then setting up group-based rules that allow specific categories of programs to run. The default rule sets, for example, cover signed applications and those from the Mac App Store, but you can create your own rules to allow specific programs to run without warnings.
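As an added example, not taken from the article, the script below shows how an administrator can inspect what Gatekeeper decides about a downloaded app before deciding whether to add a custom rule. It assumes a Mac with the `spctl`, `codesign` and `xattr` tools available; the app path is a placeholder, and the `gk_verdict` / `gk_source` helpers are written here to parse the text `spctl --assess --verbose` prints (the two sample outputs used in comments are constructed).

```shell
#!/bin/sh
# Added example: triage one app bundle the way Gatekeeper would, then report enough
# detail (verdict, source, signer) to decide whether a custom allow rule is justified.
# Assumes macOS; /Applications/Example.app is a placeholder path.

# Turn the text printed by `spctl --assess --verbose` into a one-word verdict.
# Constructed sample input: "/Applications/Example.app: accepted\nsource=Developer ID"
gk_verdict() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# Extract the "source=..." line spctl prints in verbose mode, e.g. "Mac App Store",
# "Developer ID" or "no usable signature".
gk_source() {
    printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1
}

# Full check of one app bundle; only meaningful on a Mac.
gk_check_app() {
    app="$1"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available; this check only runs on macOS" >&2
        return 2
    fi
    echo "Gatekeeper status: $(spctl --status 2>&1)"
    # Downloaded files carry the quarantine attribute that triggers a Gatekeeper
    # assessment at first launch; an app without it will not be assessed.
    if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
        echo "quarantine attribute: present"
    else
        echo "quarantine attribute: absent (Gatekeeper will not assess this app on launch)"
    fi
    out=$(spctl --assess --type execute --verbose=4 "$app" 2>&1)
    echo "verdict: $(gk_verdict "$out") (source: $(gk_source "$out"))"
    # Show the signing authority and Team ID so the reviewer can compare them
    # against the vendor they expect.
    codesign -dv "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || echo "no code signature"
}

# Usage. To allow an unsigned internal tool without disabling Gatekeeper globally,
# prefer a labelled rule over turning assessments off:
#   sudo spctl --add --label "Approved by IT" /path/to/Internal.app
#   spctl --list    # review the rule set, including any rules you did not add yourself
if command -v spctl >/dev/null 2>&1; then
    gk_check_app "${1:-/Applications/Example.app}"
fi
```

Reviewing `spctl --list` periodically is the useful defensive habit here: a custom rule that nobody on the team added is worth investigating, because it is exactly how an unsigned program would be made to run without a warning.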

While this technology is intended to provide a layer of security against malware attacks, it apparently is not 100 percent successful. In the recent attacks, where a threat by the name of "Pintsized" affected systems at Facebook, Twitter, and Apple itself, one aspect noted by security company Intego was the threat's ability to exploit Gatekeeper and then set up a reverse shell on affected systems in an effort to steal sensitive information.

When this malware was first discovered, its ability to bypass Gatekeeper was suspected but was largely just making the rounds on security e-mail lists and in other discussions; however, both Ars Technica and The Security Ledger are reporting that this aspect of the attack is likely what made it more effective and allowed it to affect employees at tech companies.

The malware was otherwise spread using the classic tactic of compromised Web sites, in this case sites discussing topics such as application development for Android. The fact that this effort was able to bypass Gatekeeper serves as a good reminder that even stringent security measures like Gatekeeper are not invulnerable, and the fact that it affected developers suggests that even those in the tech industry who are arguably quite computer savvy are vulnerable to attacks.

Granted, even with this latest attack the malware scene for OS X is not large, but it does add to the case for Mac users considering security software for their systems. OS X has been relatively free of malware, and even with these and prior attacks included, the need for security software is arguable, especially since some security software packages have historically been more of a problem than a benefit to users.

If you are concerned about malware and are wondering about the necessity of security software for OS X, then a good place to start for an understanding of how to protect yourself is Security Analyst Thomas Reed's Mac Malware Guide. Overall, for most people this new development will not change anything; it only nudges the idea of anti-malware tools being a necessity a touch higher on the list of priorities.
