New Tor-powered backdoor malware targets Macs

The new backdoor malware named Eleanor lets attackers execute scripts and commands, access and modify users’ files and even take snaps using the webcam!

Internet security researchers at software company Bitdefender have detected a new malware targeting Macs. The malware is named Backdoor.MAC.Eleanor. With it, attackers can easily hijack Mac systems and manage them over the Tor network.

 

What is Backdoor.MAC.Eleanor backdoor malware

Backdoor.MAC.Eleanor is a new macOS-targeted malware distributed through a malicious third-party app called EasyDoc Converter. The app claims to offer a drag-and-drop file converter feature and uses the following false description to fool users:

EasyDoc Converter is a fast and simple file converter for OS X. Instantly convert your FreeOffice (.fof) and SimpleStats (.sst) docs to Microsoft Office (.docx) by dropping your file onto the app. EasyDoc Converter is great for employees and students looking for a simple tool for quickly convert files to the popular Microsoft format. EasyDoc Converter lets you get to work quickly by using a simple, clean, drag-and-drop interface. The converted document will be saved in the same directory of the original file.

The EasyDoc app was developed with Platypus, a developer tool for creating native Mac apps from Perl, Shell, Ruby, or Python scripts.

 

How the backdoor malware reaches Macs

Eleanor was named by researchers at antivirus vendor Bitdefender. The Mac-targeted malware is distributed as a file conversion app through well-known websites offering Mac software. It infects Macs on which the app is installed: the app installs a malicious script that is registered to run at system startup, which then lets attackers access the infected Mac anonymously.


 

Risk that Backdoor.MAC.Eleanor poses to your Mac

The malware creates a Tor hidden service that gives attackers full, anonymous access to the infected Mac. Access goes through a local PHP-based web server disguised as "Web Service" and reachable via a Tor-generated address. Once a Mac is infected, attackers can do more through a web-based control panel:

  • Script execution
  • File manager
  • Command execution
  • Connect and administer databases
  • Send emails with attached files
  • Shell via reverse/bind shell connect
  • Simple packet crafter
  • Process list/task manager
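The startup script, Tor service and local PHP web server described above are the kind of persistence a defender can look for. The following is an added example, not code from Bitdefender or from the original article: it assumes the startup registration is done through launchd jobs (the article does not say which mechanism is used), and its heuristics, labels, paths and ports are constructed for illustration rather than published indicators.

```python
import plistlib
from pathlib import PurePosixPath

def job_command(job):
    """Command line launchd runs for a job (ProgramArguments, else Program)."""
    args = job.get("ProgramArguments") or ([job["Program"]] if job.get("Program") else [])
    return [str(a) for a in args]

def in_hidden_dir(path):
    """True if a directory component of an absolute or ~ path starts with a dot."""
    dirs = PurePosixPath(path).parts[:-1]
    return path.startswith(("/", "~")) and any(d.startswith(".") and d != ".." for d in dirs)

def audit_job(plist_bytes):
    """Return the reasons an auto-started launchd job matches the described behaviour."""
    job = plistlib.loads(plist_bytes)
    cmd = job_command(job)
    if not cmd or not (job.get("RunAtLoad") or job.get("KeepAlive")):
        return []  # not started automatically, so outside the scope of this check
    reasons = []
    if any(in_hidden_dir(a) for a in cmd):
        reasons.append("path inside a hidden directory")
    names = [PurePosixPath(a).name.lower() for a in cmd]
    if "tor" in names:
        reasons.append("starts a Tor client")
    if names[0].startswith("php") and "-S" in cmd:  # php -S is the built-in web server
        reasons.append("starts PHP built-in web server")
    return reasons

# Constructed sample jobs: labels, paths and ports are made up for this example.
SAMPLES = {
    "com.example.sync.plist": plistlib.dumps({
        "Label": "com.example.sync", "RunAtLoad": True,
        "ProgramArguments": ["~/Library/.example/tor", "-f", "~/Library/.example/torrc"]}),
    "com.example.web.plist": plistlib.dumps({
        "Label": "com.example.web", "KeepAlive": True, "ProgramArguments":
        ["/usr/bin/php", "-S", "127.0.0.1:8080", "-t", "~/Library/.example/www"]}),
    "com.example.editor.plist": plistlib.dumps({
        "Label": "com.example.editor", "RunAtLoad": True,
        "Program": "/Applications/Editor.app/Contents/MacOS/helper"}),
}

def audit_all(samples):
    """Map each plist name to its findings, omitting jobs with none."""
    results = {name: audit_job(data) for name, data in samples.items()}
    return {name: r for name, r in results.items() if r}

if __name__ == "__main__":
    for name, reasons in audit_all(SAMPLES).items():
        print(name, "->", "; ".join(reasons))
```

On a Mac, pass `audit_job` the bytes of each file in `~/Library/LaunchAgents` and `/Library/LaunchAgents`; a hit is a prompt for manual review, not proof of infection.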

 

Macs affected by Backdoor.MAC.Eleanor

The list of Macs affected by the new malware includes mid-2007 or newer MacBook models, the entire range of MacBook Air and MacBook Pro, mid-2007 or later Mac Mini and iMac models, and all Mac Pro models. EasyDoc's system requirement is an Intel-based Mac running OS X 10.6 or newer.

The best preventative step is, of course, to avoid installing the EasyDoc app from any source.

Apple’s default Gatekeeper security settings already keep such apps and software from downloading and opening, unless you manually ignore the warning dialog and proceed to open the app under System Preferences > Security & Privacy.

The good news for users is that the infected app is not digitally signed with an Apple-approved certificate. This means that users will see a security warning on the latest OS X version if they accidentally try to install it.

Users can look to trusted anti-malware apps such as BlockBlock and Malwarebytes to stay secure and prevent such backdoor malware from infecting their Macs.

Apple will soon update its XProtect anti-malware system to block potential threats like EasyDoc Converter.

Ankita Gairola is an R&D Engineer at SoftwareVilla. She grew up flirting with available technologies and happens to be a dynamic writer with a flair for explaining complex technologies with ease to readers from all walks of life. A gadget geek, Gairola spends a major part of each day outscoring latest technologies, playing Xbox and reading books. She learned the ropes of effective writing in her very early days and has penned over 5000 articles for different press and media sources.