A particularly dangerous piece of OS X malware that can give attackers full access to a compromised Apple Mac has been discovered by security researchers Bitdefender,
The malware which is hidden in a fake file converter application called EasyDoc Convertor, can also give the attackers access to the machine’s webcam.
Bitdefender is calling this particular malware ‘Backdoor.MAC.Eleanor‘. The malware “exposes Apple systems to cyber-espionage and full, clandestine control from malicious third-parties,” the security firm warned.
The way this malware spreads is when a Mac user downloads the fake EasyDoc converter.app, which has no real functionality other than downloading malicious script. The script then installs and registers Tor Hidden Service and Web Service (PHP) components to the system startup.
Bitdefender says that the Tor Hidden Service allows an attacker to anonymously access the control-and-command centre remotely. Web Service (PHP) then gives the attacker full control over the infected system.
But the malware also has a nasty secondary purpose in that it can capture video and images from the infected system’s webcam, using a tool called ‘wacaw’. The malware also uses a daemon to retrieve updates and files from the user’s computer or execute shell scripts.
Bitdefender says that every infected machine has a unique Tor address that the attacker uses to connect and download the malware. All addresses are stored on pastebin.com using this agent, after being encrypted with a public key using RSA and base64 algorithms.
“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised systems,” warned Tiberius Axinte, Technical Leader at Bitdefender Antimalware Labs. “For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”
Bitdefender said that the fake app is not digitally signed by Apple, and has warned Apple users to stick with downloading apps only from reputable websites. It also says Apple users should nowadays use a security solution to defend against a growing list of Mac-targeting malware.
2014 in particular was a bad year for Apple. It emerged that the iPad maker had to develop a patch for a serious vulnerability called “Rootpipe”. That flaw reportedly gave hackers admin privileges on a compromised Mac. To make matters worse, the hackers could exploit the flaw to give themselves the highest admin level, known as root access.
That same year Apple also fixed a number of bugs and security flaws in an update to OS X Mavericks, and there have been many other flaws and vulnerabilities over the years as well.
In 2012, Apple was criticised by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.
Matters were not helped last year when Apple was accused of knowing about major zero-day flaws in its iOS and OS X operating systems for at least eight months.
Researchers also warned that cybercriminals could use an iOS vulnerability to hack Apple Pay.
Are you a security pro? Try our quiz!
Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…
Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…
Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…
Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…
Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal
Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…