360 Total Security Blog

New malware targeting Mac users detected

New malware targeting Mac computers has been detected. Known as Backdoor.MAC.Eleanor, it affects OS X (recently renamed macOS) users and allows the attacker to anonymously access the infected computer.

This malware is transmitted through a malicious third-party application called EasyDoc Converter, a drag-and-drop file converter. EasyDoc Converter converts FreeOffice documents (with .fof extensions) and SimpleStats (.sst) files to Microsoft Office format (.docx), using a drag-and-drop interface.

Backdoor.MAC.Eleanor infects Mac computers that have EasyDoc Converter installed by installing a malicious script on the host. This script registers itself to run at system startup and lets the attacker access the infected Mac. By creating a Tor hidden service – which allows anonymous communication – the attackers are able to remotely access the infected Mac through a PHP-based web service.

Once the attackers gain remote access to the computer, they can execute commands, modify files or access the webcam. These are the capabilities available to the attacker through a control panel:

• File manager (view, edit, rename, delete, upload, download, archiver, etc)
• Command execution
• Script execution (php, perl, python, ruby, java, c)
• Shell via bind/reverse shell connect
• Simple packet crafter
• Connect to DBMS (mysql, sqlite, pdo)
• Process list/Task manager
• Send mail with attachment
• String conversion

Backdoor.MAC.Eleanor also has the ability to capture images and videos from users’ webcams through a different tool.

This malware can affect all MacBook Air and MacBook Pro models, MacBook models after mid 2007, Mac mini and iMac models after mid 2007, and all Mac Pro models, since EasyDoc Converter runs on OS X 10.6 (Snow Leopard) or newer on Macs with at least 5 GB of free space and 1 GB of RAM. Check your Mac model to see whether your computer is on the list.

To stay protected against Backdoor.MAC.Eleanor, avoid downloading unknown applications, and in particular do not download EasyDoc Converter from any source.
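To check a Mac for the kind of startup registration described above, the following added example (not code from this blog or from any vendor) audits launchd job definitions for a bundled Tor or PHP binary that starts automatically. It assumes the startup entry is a launchd property list, for instance under ~/Library/LaunchAgents; the heuristics, function names and sample jobs are constructed for illustration and are not published Eleanor indicators.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Assumed heuristics based on the behaviour described in the article; they are
# NOT published Eleanor indicators. All sample jobs below are constructed.
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/System/")
WATCHED_TOOLS = {"tor", "php"}

def audit_job(plist_bytes):
    """Return reasons why one launchd job definition deserves a closer look."""
    job = plistlib.loads(plist_bytes)
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    exe = PurePosixPath(args[0])
    reasons = []
    if any(part.startswith(".") for part in exe.parts):
        reasons.append("hidden-path")            # binary lives in a dot-directory
    if exe.name in WATCHED_TOOLS and not str(exe).startswith(SYSTEM_PREFIXES):
        reasons.append("bundled-" + exe.name)    # private copy of tor or php
    if exe.name == "php" and "-S" in args:
        reasons.append("php-web-server")         # php -S starts the built-in web server
    if reasons and (job.get("RunAtLoad") or job.get("KeepAlive")):
        reasons.append("auto-start")             # launched without user action
    return reasons

def audit_dir(directory):
    """Audit every *.plist in a directory such as ~/Library/LaunchAgents."""
    findings = {}
    for path in sorted(Path(directory).expanduser().glob("*.plist")):
        try:
            reasons = audit_job(path.read_bytes())
        except Exception:
            reasons = ["unparseable"]            # corrupt or unexpected plist layout
        if reasons:
            findings[path.name] = reasons
    return findings

def _job(*argv):
    """Build a constructed launchd job that runs argv at load."""
    return plistlib.dumps({"Label": "com.example.constructed",
                           "ProgramArguments": list(argv), "RunAtLoad": True})

SAMPLES = {  # constructed inputs, not taken from a real infection
    "benign": _job("/Applications/Example.app/Contents/MacOS/updater"),
    "tor": _job("/Users/alice/.example/tor", "-f", "/Users/alice/.example/torrc"),
    "php": _job("/Users/alice/.example/php", "-S", "127.0.0.1:8080"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, audit_job(data))
```

A flagged entry is a lead for manual review rather than a verdict, since legitimate developer tools can also ship their own PHP or Tor binaries.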