Apple backdoor malware steals the keys to your kingdom

Aside from adware, Eleanor is only the second piece of malware tailored for Mac systems.


New malware tailored for Apple Mac systems opens a backdoor into compromised machines, giving cyberattackers full rein over your PC.

Dubbed Backdoor.MAC.Eleanor, the malware has been discovered in free Mac OS X apps and can cause widespread havoc if executed, including installing backdoors and granting attackers remote access and the means to spy on you.

Researchers from Malwarebytes note that Eleanor is only the second "true" piece of malware that has been discovered in the wild specifically tailored to Mac systems (the first being the KeRanger ransomware).

While Microsoft Windows is a constant target for countless malware types and strains, Mac-based malware is far rarer -- due to a more limited attack range and fewer developers interested in attacking these users.

No system will ever be 100-percent secure, however, and Apple's operating system has more than enough trouble with adware and ransomware. What separates Eleanor from the rest is that attackers can gain full access to a vulnerable machine.

The malware finds its way onto Mac systems through MacUpdate in the form of the free app EasyDoc Converter. While the legitimate app is used to convert file formats into Microsoft Word, the malicious app discovered by Bitdefender only pretends to do so.

Instead, Eleanor installs a backdoor when the app is executed.

Once opened, the app runs a shell script that checks for the presence of Little Snitch. If the firewall application is not present, then three LaunchAgents are installed, which pretend to be Dropbox files. According to Bitdefender, the malware is then able to create a tunnel for the attacker to remotely access the victim's machine through the Tor network and initiate a Pastebin agent.
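A defender can audit for the masquerade described above by listing LaunchAgents that borrow the Dropbox name but start a program outside Dropbox's own install locations. The Python sketch below is an added example, not code from Bitdefender or Malwarebytes; the trusted path prefixes and the sample plists are assumptions constructed for illustration, not the malware's actual file names.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# Assumption: where a genuine Dropbox install keeps its binaries. These prefixes
# are not from the article; set them to match the machines you manage.
TRUSTED_PREFIXES = ("/Applications/Dropbox.app/", "/Library/DropboxHelperTools/")

def agent_program(plist):
    """Executable a LaunchAgent starts: Program, else ProgramArguments[0]."""
    args = plist.get("ProgramArguments") or [""]
    raw = str(plist.get("Program") or args[0])
    # Normalise so "trusted/../../tmp/x" cannot pass the prefix check.
    return os.path.normpath(raw) if raw else ""

def suspicious_agents(agent_dir, brand="dropbox", trusted=TRUSTED_PREFIXES):
    """Return (file name, program) for agents that use the brand name in their
    file name or Label but launch a binary outside the trusted prefixes."""
    findings = []
    for path in sorted(Path(agent_dir).glob("*.plist")):
        try:
            with path.open("rb") as fh:
                plist = plistlib.load(fh)
        except Exception:
            plist = {}  # unreadable plist: judged on its file name alone
        if not isinstance(plist, dict):
            plist = {}
        names = (path.name + " " + str(plist.get("Label", ""))).lower()
        if brand in names and not agent_program(plist).startswith(trusted):
            findings.append((path.name, agent_program(plist)))
    return findings

def demo():
    """Run the check over constructed plists (not the malware's real files)."""
    samples = {
        "com.dropbox.client.plist": {"Label": "com.dropbox.client",
            "Program": "/Applications/Dropbox.app/Contents/MacOS/Dropbox"},
        "com.example.dropbox.sync.plist": {"Label": "com.example.dropbox.sync",
            "ProgramArguments": ["/Users/alice/Library/.hidden/sync", "--daemon"]},
        "com.example.dropbox.agent.plist": {"Label": "com.example.dropbox.agent",
            "Program": "/Applications/Dropbox.app/../../tmp/agent"},
        "com.example.updater.plist": {"Label": "com.example.updater",
            "Program": "/usr/local/bin/updater"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            (Path(tmp) / name).write_bytes(plistlib.dumps(body))
        return suspicious_agents(tmp)
```

On a real Mac, point `suspicious_agents` at `~/Library/LaunchAgents`; a hit is a lead to investigate, not proof of infection.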

Attackers are then able to delete, modify, and steal files, execute commands and scripts, create packets and send emails without any restrictions -- as well as capture images and footage from webcams.

One small saving grace, however, is that the app is not signed with a certificate issued to an Apple developer ID. As Apple by default does not open unsigned apps, this does give users a moment to consider whether to continue -- even though the app can be opened anyway.

"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," says Tiberius Axinte, technical leader at Bitdefender Antimalware Lab. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless."

When you download apps away from the Apple App Store, it can be a risky business. To protect yourself from such a threat, you should make sure you only download from trusted sources and take a moment to pause before opening any app that does not have a legitimate, signed security certificate.