Malware targets OS X and gives attackers webcam access via Tor and full access of compromised Mac
A particularly dangerous piece of OS X malware that can give attackers full access to a compromised Apple Mac has been discovered by security researchers Bitdefender,
The malware which is hidden in a fake file converter application called EasyDoc Convertor, can also give the attackers access to the machine’s webcam.
Unfortunately, this fake app containing the malware has been available for download on reputable sites offering Mac applications and software, meaning there is a probability that it has achieved widespread infection.
Bitdefender is calling this particular malware ‘Backdoor.MAC.Eleanor‘. The malware “exposes Apple systems to cyber-espionage and full, clandestine control from malicious third-parties,” the security firm warned.
The way this malware spreads is when a Mac user downloads the fake EasyDoc converter.app, which has no real functionality other than downloading malicious script. The script then installs and registers Tor Hidden Service and Web Service (PHP) components to the system startup.
Bitdefender says that the Tor Hidden Service allows an attacker to anonymously access the control-and-command centre remotely. Web Service (PHP) then gives the attacker full control over the infected system.
But the malware also has a nasty secondary purpose in that it can capture video and images from the infected system’s webcam, using a tool called ‘wacaw’. The malware also uses a daemon to retrieve updates and files from the user’s computer or execute shell scripts.
Bitdefender says that every infected machine has a unique Tor address that the attacker uses to connect and download the malware. All addresses are stored on pastebin.com using this agent, after being encrypted with a public key using RSA and base64 algorithms.
“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised systems,” warned Tiberius Axinte, Technical Leader at Bitdefender Antimalware Labs. “For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”
Bitdefender said that the fake app is not digitally signed by Apple, and has warned Apple users to stick with downloading apps only from reputable websites. It also says Apple users should nowadays use a security solution to defend against a growing list of Mac-targeting malware.
Apple has had a solid security reputation for a number of years now, but attackers have increasingly turned their attention to Mac devices of late. Despite this, an OPSWAT report revealed last year that only half of Mac users have antivirus protection.
2014 in particular was a bad year for Apple. It emerged that the iPad maker had to develop a patch for a serious vulnerability called “Rootpipe”. That flaw reportedly gave hackers admin privileges on a compromised Mac. To make matters worse, the hackers could exploit the flaw to give themselves the highest admin level, known as root access.
In 2012, Apple was criticised by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.
Matters were not helped last year when Apple was accused of knowing about major zero-day flaws in its iOS and OS X operating systems for at least eight months.
Researchers also warned that cybercriminals could use an iOS vulnerability to hack Apple Pay.
Are you a security pro? Try our quiz!