Apple’s Mac systems have been exposed to a dangerous new piece of malware that allows attackers to take full control of OS X.
The new malware, dubbed Backdoor.MAC.Eleanor by security researchers, provides attackers with a backdoor into OS X systems by embedding a script into a fake file converter application that’s found on many reputable sites that sell Mac apps.
“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” says Tiberius Axinte, Technical Leader at Bitdefender Antimalware Lab. “For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”
Bitdefender researchers found the malware in the EasyDoc Converter app which poses as a drag-and-drop file converter but actually has no functionality other than downloading the malicious script onto the machine.
Backdoor.MAC.Eleanor creates a unique Tor address on each infected machine, allowing attackers to connect and fully access the complete file system, as well as capture images and videos through the web camera.
Because the app hasn’t been signed by Apple, security researchers recommend changing your Mac’s security setting (Gatekeeper) to only allow apps downloaded from the Mac App Store and from identified developers.
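The Gatekeeper setting the researchers recommend can be verified from the command line. The script below is an added example, not part of the article or Bitdefender’s research: it checks that Gatekeeper assessments are enabled and asks Gatekeeper whether a given .app bundle would be allowed to run, with the output parsing kept in separate functions so it can be exercised on captured output. It assumes macOS with the built-in spctl(8) and codesign(1); the application path shown is a hypothetical placeholder.

```shell
#!/bin/sh
# Added example (not the article's or Bitdefender's code): a defender-side check for
# the Gatekeeper mitigation described above. Assumes macOS with spctl and codesign.

# Classify one verdict line from `spctl --assess` ("<path>: accepted" / "<path>: rejected").
gatekeeper_verdict() {
  case "$1" in
    *": accepted"*) echo "allowed" ;;
    *": rejected"*) echo "blocked" ;;
    *)              echo "unknown" ;;
  esac
}

# Map the output of `spctl --status` ("assessments enabled"/"assessments disabled") to yes/no.
gatekeeper_enabled() {
  case "$1" in
    "assessments enabled"*) echo "yes" ;;
    *)                      echo "no" ;;
  esac
}

# Live check of one application bundle. Returns 0 if Gatekeeper is on and the
# bundle is both validly signed and accepted; non-zero otherwise.
check_app() {
  app="$1"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found; run this on macOS" >&2
    return 2
  fi
  enabled=$(gatekeeper_enabled "$(spctl --status 2>&1)")
  echo "Gatekeeper assessments enabled: $enabled"

  # codesign exits non-zero for unsigned or tampered bundles (the Eleanor case is unsigned).
  if codesign --verify --deep --strict "$app" >/dev/null 2>&1; then
    echo "Signature: valid"
  else
    echo "Signature: missing or invalid"
  fi

  # First line of the assessment is the verdict; -vv adds the source on later lines.
  verdict=$(spctl --assess --type execute -vv "$app" 2>&1 | head -n 1)
  result=$(gatekeeper_verdict "$verdict")
  echo "Gatekeeper verdict for $app: $result"
  [ "$enabled" = "yes" ] && [ "$result" = "allowed" ]
}

# Usage (hypothetical path, not a known location of the malware):
# check_app "/Applications/EasyDoc Converter.app"
```

On a Mac with the recommended setting, an unsigned bundle like the one described in the article reports `Signature: missing or invalid` and a `blocked` verdict.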
14 responses to “Dangerous new Mac malware fully compromises OS X”
What about macOS?
Looks like they added the name of the app to the article. EasyDoc Converter.
Considering the default setting for every Mac is to allow apps only from the App Store, or apps that are signed by Apple, this will probably not be a huge deal… but good to know, in any case.
Is there a way to detect if your mac is infected, or how to remove it?
Yup, did you download the app? If not, you don’t have it.
That is why there is this thing called the Mac App Store where apps are approved to run on your machine… Who still downloads apps from the web to install them manually… That is just stupid!
Unfortunately the Mac App Store only allows apps that follow Apple’s extremely restricted app review rules, which is why a lot of apps can only be distributed outside the MAS.
This is the exact reason why Apple prefers that apps are sandboxed. Unfortunately, security means compromise. iOS is a pristine ecosystem because of the restrictions. On the other side of the coin, Android is a toxic hell stew.
The good news is that with every iteration, Apple finds ways to open up more of the system in a well thought out and secure manner.
It’s not just the sandbox rules. There are many apps that work fine in a sandbox but Apple’s app review rules forbid them.
You can be a signed developer and not be in the MAS. This code was not even signed, so Gatekeeper can’t do anything about it. Don’t use unsigned code.
So much for Macs never getting viruses and malware. Though one could just grab a Linux Live USB, reboot the infected machine, pull mission critical user data, reformat the hard drive, then start anew on Mac OS. But that’s a lot of trouble that can be avoided by being careful.
Being a signed developer and providing apps through the Mac App Store are two DIFFERENT things (although you must be signed to be in the MAS). If you download code that isn’t signed by a developer and certified by Apple, macOS has NO WAY to stop the malware. If they are signed, Apple can update Gatekeeper and stop the malware in its tracks. Only use signed code, or be VERY VERY certain it’s not malware.
It’s okay, Bitdefender makes a Mac AV client, so if you pay them you don’t need to worry about this.
Why is the author of the app never mentioned in any of these news stories?