A particularly dangerous piece of OS X malware that can give attackers full access to a compromised Apple Mac has been discovered by security researchers Bitdefender,
The malware which is hidden in a fake file converter application called EasyDoc Convertor, can also give the attackers access to the machine’s webcam.
Bitdefender is calling this particular malware ‘Backdoor.MAC.Eleanor‘. The malware “exposes Apple systems to cyber-espionage and full, clandestine control from malicious third-parties,” the security firm warned.
The way this malware spreads is when a Mac user downloads the fake EasyDoc converter.app, which has no real functionality other than downloading malicious script. The script then installs and registers Tor Hidden Service and Web Service (PHP) components to the system startup.
Bitdefender says that the Tor Hidden Service allows an attacker to anonymously access the control-and-command centre remotely. Web Service (PHP) then gives the attacker full control over the infected system.
But the malware also has a nasty secondary purpose in that it can capture video and images from the infected system’s webcam, using a tool called ‘wacaw’. The malware also uses a daemon to retrieve updates and files from the user’s computer or execute shell scripts.
Bitdefender says that every infected machine has a unique Tor address that the attacker uses to connect and download the malware. All addresses are stored on pastebin.com using this agent, after being encrypted with a public key using RSA and base64 algorithms.
“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised systems,” warned Tiberius Axinte, Technical Leader at Bitdefender Antimalware Labs. “For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”
Bitdefender said that the fake app is not digitally signed by Apple, and has warned Apple users to stick with downloading apps only from reputable websites. It also says Apple users should nowadays use a security solution to defend against a growing list of Mac-targeting malware.
2014 in particular was a bad year for Apple. It emerged that the iPad maker had to develop a patch for a serious vulnerability called “Rootpipe”. That flaw reportedly gave hackers admin privileges on a compromised Mac. To make matters worse, the hackers could exploit the flaw to give themselves the highest admin level, known as root access.
That same year Apple also fixed a number of bugs and security flaws in an update to OS X Mavericks, and there have been many other flaws and vulnerabilities over the years as well.
In 2012, Apple was criticised by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.
Matters were not helped last year when Apple was accused of knowing about major zero-day flaws in its iOS and OS X operating systems for at least eight months.
Researchers also warned that cybercriminals could use an iOS vulnerability to hack Apple Pay.
Are you a security pro? Try our quiz!
Discover how emerging technologies like AI, blockchain, and edge computing are set to revolutionise industries…
US Federal Aviation Administration approves SpaceX's Falcon 9 rockets to return to service following second-stage…
Social media platform X drops Unilever from lawsuit against advertisers after reaching agreement on 'safety…
US Congressional Representatives ask for answers from AT&T, Verizon, Lumen Technologies after wiretap networks reportedly…
Swedish EV battery start-up Northvolt in talks for 200m euros in short-term funding as it…
US labour officials say Apple illegally restricted employees' right to discuss workplace issues on Slack…