Backdoor.MAC.Eleanor turns Macs into spying machines

Like Linux users, Mac users love to boast that their systems are less prone to the viruses and malware that plague Windows. That, however, isn't a blanket truth, and Macs do have their share of problems. Case in point is a new backdoor reported by security firm Bitdefender. Named Backdoor.MAC.Eleanor, this malware uses social engineering to get users to download seemingly innocent but infected software that opens their Macs up to hackers, exposing all of their data and all of the machine's functionality to the attackers and to anyone who will pay for that data.

An infection starts like almost any attack, with the download of an unsigned and potentially dangerous app from some website. In this particular case, however, the app, "EasyDoc Converter", could be downloaded from a "reputable" website for Mac apps. Bitdefender doesn't name the site, perhaps to safeguard that site's reputation. Installing and running the app should already give users a hint that something is wrong: it does absolutely nothing. But by then it's already too late.

The app actually installs a set of malicious scripts and programs, in particular a local Tor service and a local web service. Here the malware is a bit unusual. While most malware phones home to a remote C&C server, this backdoor installs the C&C server on the infected machine itself. The hacker then accesses the Mac by navigating to that web server and entering a password. So instead of simply sending files from the Mac to a remote server, it opens up the Mac to full control by the attacker. It does communicate with the attacker remotely, but only indirectly: it posts the infected machine's address to the public pastebin.com service for the attacker to find and use.
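The two observable traits described above, a service that listens only on the loopback interface and a process connected to pastebin.com, can be checked together as a triage heuristic. The script below is an added example, not code from the article or from Bitdefender; it parses constructed `lsof -i` style output, and the process names, PIDs and ports in the sample are made up for illustration.

```python
"""Triage heuristic for the Eleanor-style pattern: a loopback-only listener
plus an outbound connection to pastebin.com on the same host.
Parses `lsof -i` output (hostnames resolved, i.e. run without -n/-P)."""
import re
from collections import defaultdict

# Constructed sample in the column layout of `lsof -i`; not real capture data.
SAMPLE_LSOF = """\
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Safari    512  alice  10u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:52001->example.com:https (ESTABLISHED)
php       731  alice   5u  IPv4 0x3c4d      0t0  TCP 127.0.0.1:8080 (LISTEN)
tor       740  alice   8u  IPv4 0x5e6f      0t0  TCP 127.0.0.1:9050 (LISTEN)
tor       740  alice   9u  IPv4 0x7a8b      0t0  TCP 192.168.1.20:52010->pastebin.com:https (ESTABLISHED)
"""

# COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
LINE_RE = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+\S+\s+\S+\s+IPv[46]\s+\S+\s+\S+\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<name>.+?)\s*$"
)

def parse_lsof(text):
    """Yield (command, pid, name) for each socket line, skipping the header."""
    for line in text.splitlines()[1:]:
        m = LINE_RE.match(line)
        if m:
            yield m["cmd"], int(m["pid"]), m["name"]

def triage(text, beacon_host="pastebin.com"):
    """Return (loopback listeners, processes connected to beacon_host),
    each keyed by (command, pid) with the matching socket strings."""
    listeners, beaconers = defaultdict(set), defaultdict(set)
    for cmd, pid, name in parse_lsof(text):
        sock = name.split()[0]  # drop the trailing "(LISTEN)" / "(ESTABLISHED)"
        if name.endswith("(LISTEN)") and sock.startswith(("127.0.0.1:", "[::1]:")):
            listeners[(cmd, pid)].add(sock)
        elif "->" in sock and sock.split("->", 1)[1].rsplit(":", 1)[0] == beacon_host:
            beaconers[(cmd, pid)].add(sock)
    return dict(listeners), dict(beaconers)

def suspicious(text):
    """True when both traits are present; a lead for analysis, not a verdict."""
    listeners, beaconers = triage(text)
    return bool(listeners) and bool(beaconers)

if __name__ == "__main__":
    print(triage(SAMPLE_LSOF), suspicious(SAMPLE_LSOF))
```

Either trait alone is common on a developer's Mac (local web servers, a legitimate Tor client), so the value is in the combination and in the follow-up: which binary owns the listener, how it got installed, and what it serves.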

Once the attackers get control of the machine, they can do almost anything, from browsing files like a normal user to using the Mac's resources. They can even record video and audio. All of this naturally happens without the user's knowledge. The perfect spying machine.

Bitdefender doesn't yet offer a procedure for cleaning infected systems, so, for now, prevention is key. The usual advice about downloading apps only from trusted sources applies. Anti-malware and app scanning utilities, like those from Apple itself, are also highly recommended.

SOURCE: Bitdefender