The new backdoor malware named Eleanor lets attackers execute scripts and commands, access and modify users’ files and even take snaps using the webcam!
Internet security researchers at software company Bitdefender have detected a new malware targeting Macs. The malware is named Backdoor.MAC.Eleanor. With it, attackers can easily hijack Mac systems and manage them over the Tor network.
What is Backdoor.MAC.Eleanor backdoor malware
Eleanor is a new macOS-targeted malware distributed through a malicious third-party app called EasyDoc Converter. The app claims to offer a drag-and-drop file converter feature and presents users with the following false description:
EasyDoc Converter is a fast and simple file converter for OS X. Instantly convert your FreeOffice (.fof) and SimpleStats (.sst) docs to Microsoft Office (.docx) by dropping your file onto the app. EasyDoc Converter is great for employees and students looking for a simple tool for quickly convert files to the popular Microsoft format. EasyDoc Converter lets you get to work quickly by using a simple, clean, drag-and-drop interface. The converted document will be saved in the same directory of the original file.
The EasyDoc app was developed with Platypus, a developer tool for creating native Mac apps from Perl, Shell, Ruby, or Python scripts.
How the backdoor malware reaches Macs
Eleanor was named by researchers at antivirus vendor Bitdefender. The Mac-targeted malware is distributed as a file conversion app through well-known websites offering Mac software. It infects Macs on which the app is installed: the app installs a malicious script that is registered to run at system startup, which then allows attackers to access the infected Mac anonymously.
Risk that Backdoor.MAC.Eleanor poses to your Mac
The malware creates a Tor hidden service that gives attackers full anonymous access to the infected Mac. The access is provided through a PHP-based local web server, disguised as Web Service, via a Tor-generated address. Once a Mac is infected, attackers can do more through a web-based control panel:
- Script execution
- File manager
- Command execution
- Connect and administer databases
- Send emails with attached files
- Shell via reverse/bind shell connect
- Simple packet crafter
- Process list/task manager
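As an added defensive illustration (not code from Bitdefender or from the original article), the following audits launchd job definitions for the combination described above: a program started automatically that runs Tor or a local PHP web server from a hidden directory. The file names, paths and port are constructed placeholders, not real Eleanor artifacts, and treating launchd plists as the startup mechanism is an assumption.

```python
import plistlib
from pathlib import PurePosixPath

# Constructed launchd jobs for illustration; file names, paths and port are
# placeholders, not real Eleanor artifacts.
HIDDEN = "/Users/alice/Library/.hidden"
SAMPLE_AGENTS = {
    "com.example.updater.plist": {
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
        "RunAtLoad": True},
    "com.example.web.plist": {
        "ProgramArguments": [HIDDEN + "/php", "-S", "127.0.0.1:9999"],
        "RunAtLoad": True},
    "com.example.hs.plist": {
        "ProgramArguments": [HIDDEN + "/tor", "-f", HIDDEN + "/torrc"],
        "KeepAlive": True},
}

def sample_blobs():
    """Serialize the constructed jobs the way they would sit on disk."""
    return {n: plistlib.dumps(j) for n, j in SAMPLE_AGENTS.items()}

def audit_job(job):
    """Return the reasons a launchd job deserves a manual look."""
    args = [str(a) for a in job.get("ProgramArguments") or [job.get("Program", "")]]
    exe = PurePosixPath(args[0])
    reasons = []
    if any(p.startswith(".") for p in exe.parts[:-1]):
        reasons.append("binary in hidden directory")
    if exe.name == "tor":
        reasons.append("launches Tor")
    if exe.name.startswith("php") and "-S" in args[1:]:
        reasons.append("launches PHP built-in web server")
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("starts automatically")
    return reasons

def audit_plists(blobs):
    """blobs: {filename: raw plist bytes} -> {filename: [reasons]} for flagged jobs."""
    findings = {}
    for name, raw in blobs.items():
        try:
            job = plistlib.loads(raw)
            reasons = audit_job(job) if isinstance(job, dict) else ["not a job dictionary"]
        except Exception:  # malformed XML or binary plist
            reasons = ["unparseable plist"]
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_plists(sample_blobs()).items():
        print(name, "->", ", ".join(reasons))
```

On a real Mac the same function can be fed the raw bytes of each file in `~/Library/LaunchAgents`; a flag is a prompt for manual review, not proof of infection.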
Affected Macs by Backdoor.MAC.Eleanor
The Macs affected by the new malware include mid-2007 or newer MacBook models, the entire range of MacBook Air and MacBook Pro, mid-2007 or later Mac Mini and iMac models, and all Mac Pro models. EasyDoc’s system requirement is an Intel-based Mac running OS X 10.6 or newer.
The best preventative step, of course, is to avoid installing the EasyDoc app from any source.
Apple’s default Gatekeeper security settings already prevent such apps and software from being downloaded and opened, unless you manually ignore the warning dialog and proceed to open the app under System Preferences > Security & Privacy.
A relief for users is that the infected app is not digitally signed with an Apple-approved certificate. This means that users will see a security warning on the latest OS X version if they accidentally try to install it.
Users can look to trusted anti-malware apps such as BlockBlock and Malwarebytes to stay secure and prevent such backdoor malware from infecting their Macs.
Apple will soon update its XProtect anti-malware system to block potential threats like EasyDoc Converter.