New OS X malware has been discovered by researchers at security firm Bitdefender Labs that creates a backdoor into your Mac and leaves it vulnerable to attack. The malware, named Backdoor.MAC.Eleanor, is delivered to your system disguised as a drag-and-drop file converter called EasyDoc Converter.
OS X Malware – What is EasyDoc Converter
The app, which until recently was available on the MacUpdate website, has the following description:
EasyDoc Converter is a fast and simple file converter for OS X. Instantly convert your FreeOffice (.fof) and SimpleStats (.sst) docs to Microsoft Office (.docx) by dropping your file onto the app. EasyDoc Converter is great for employees and students looking for a simple tool for quickly convert files to the popular Microsoft format. EasyDoc Converter lets you get to work quickly by using a simple, clean, drag-and-drop interface. The converted document will be saved in the same directory of the original file.
In reality, EasyDoc Converter doesn’t convert anything. Rather, the app installs a Tor hidden service on your Mac, which ultimately allows the attacker to take control of your machine through a web-based control panel: accessing and modifying files, executing shell commands, capturing images and videos from iSight or FaceTime webcams, and more.
OS X Malware – Which Macs are Affected
According to MacUpdate, EasyDoc Converter was compatible with Intel-based Macs running OS X 10.6 (Snow Leopard) or later. Based on that, it appears the following Macs are at risk:
- Mid 2007 or newer MacBooks
- All MacBook Air and MacBook Pro models
- Mid 2007 or newer Mac mini and iMac models
- All Mac Pro models.
You can identify your Mac model by clicking on the Apple logo on the top-left of the menu bar and selecting “About This Mac.”
OS X Malware – How to Avoid It
Currently, it is believed that Backdoor.MAC.Eleanor is only delivered to your Mac by way of the EasyDoc Converter app, so the most obvious way to avoid a problem is to not install the app. Fortunately, the app is not signed with an Apple Developer Certificate. Therefore, the default Gatekeeper security settings in OS X will prevent EasyDoc Converter from opening, unless you ignore the warning dialog and proceed to manually open the app under System Preferences > Security & Privacy.
Going forward, a way to protect your Mac from future infections of this type is to install a trusted anti-malware application like BlockBlock (find it here), from Objective-See. BlockBlock, which is currently still in beta, continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS, which is often how malware keeps itself running. Objective-See provides free, simple, yet effective OS X security tools and is also the creator of the free RansomWhere? detection tool we previously reviewed here.
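The idea of watching persistence locations can be tried by hand. The script below is an added example, not BlockBlock's code and not part of the original article: it snapshots the launchd job directories and reports any job that has appeared or changed since the last run. The directory list, the baseline file name and the function names are assumptions made for illustration.

```python
import json
import plistlib
import sys
from pathlib import Path

# Standard launchd persistence directories (an assumed, partial list).
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def snapshot(dirs=LAUNCHD_DIRS):
    """Map each launchd job plist to the command line it would run."""
    items = {}
    for d in map(Path, dirs):
        if not d.is_dir():
            continue
        for plist in sorted(d.glob("*.plist")):
            try:
                with open(plist, "rb") as fh:
                    job = plistlib.load(fh)
                argv = job.get("ProgramArguments") or [job.get("Program", "")]
                items[str(plist)] = " ".join(str(a) for a in argv)
            except Exception:
                # Malformed or unreadable job files are reported, not skipped.
                items[str(plist)] = "<unparseable>"
    return items


def new_or_changed(baseline, current):
    """Return jobs that appeared, or whose command changed, since baseline."""
    return {p: cmd for p, cmd in current.items() if baseline.get(p) != cmd}


if __name__ == "__main__":
    # First run records a baseline; later runs print what was added or altered.
    state = Path(sys.argv[1] if len(sys.argv) > 1 else "launchd_baseline.json")
    current = snapshot()
    if state.exists():
        for path, cmd in new_or_changed(json.loads(state.read_text()), current).items():
            print(f"New or changed persistent item: {path} -> {cmd}")
    state.write_text(json.dumps(current, indent=2))
```

Run it once on a Mac you trust to record the baseline, then again after installing new software; any line it prints is a job that will start automatically and deserves a look.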
If you previously installed EasyDoc Converter and are concerned your Mac may already be infected, you can install the free Malwarebytes Anti-Malware for Mac (available here), which has already been updated to detect and remove Backdoor.MAC.Eleanor. Be aware that this software identifies this infection as OSX.Backdoor.Eleanor, but it is the same thing.