Security researchers have discovered new malware affecting Mac OS X machines that grants attackers full remote access to the computer and lets them steal data and hijack the user's webcam.
Researchers from Bitdefender found Backdoor.MAC.Eleanor within a malicious version of a popular free Mac OS X app called EasyDoc Converter. While the real app is meant to convert file formats into documents that can be read and opened with Microsoft Word, the fake app instead quietly downloads a malicious script when executed.
The script first checks for the presence of a firewall app called Little Snitch. If the app isn't found, the script installs itself and creates a Tor hidden service (a path on the Tor anonymity network between the attacker's server and the victim's machine) with a Tor-generated address that initiates a Pastebin agent. Another component of the script sets up a web-based control panel on the victim's machine that gives the attackers full control over the machine.
The web-based control panel enables the attacker to do pretty much whatever they want with your machine – they can view, edit, rename, delete, upload or download your files, execute commands, execute scripts in a variety of programming languages, connect and administer databases, execute and close programs via the Task Manager and even send emails from your email client with attached files.
And for those of you who are paranoid enough to put tape over your webcam like Mark Zuckerberg and FBI director James Comey, the tape would probably come in handy in this situation, because Eleanor contains a tool that can capture images and videos from Mac machines with built-in webcams.
"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," says Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless."
Bitdefender says that users can tell the difference between the real EasyDoc Converter app and the fake Eleanor version because the fake app is not digitally signed by Apple. As a precaution, Mac users are advised to only download applications from reputable websites and to make use of antivirus software to keep their machines safe.
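The signature check mentioned above can be scripted with macOS's built-in `codesign` tool. The following is an added example, not code from Bitdefender or the original article; the function names and the sample `codesign` outputs are constructed for illustration.

```bash
# Classify the text printed by `codesign -dv --verbose=4 <bundle>`.
# Prints one of: unsigned | adhoc | apple-chain | unknown
classify_codesign_output() {
  local out
  out=$(cat)
  if printf '%s\n' "$out" | grep -q 'code object is not signed at all'; then
    echo unsigned          # no signature at all, as reported for the fake app
  elif printf '%s\n' "$out" | grep -q '^Signature=adhoc'; then
    echo adhoc             # self-applied signature, no certificate behind it
  elif printf '%s\n' "$out" | grep -q '^Authority=Apple Root CA$'; then
    echo apple-chain       # certificate chain ends at Apple's root
  else
    echo unknown
  fi
}

# macOS only: inspect a real bundle. codesign writes its report to stderr.
check_app() {
  local status
  status=$(codesign -dv --verbose=4 "$1" 2>&1 | classify_codesign_output)
  # A listed chain is not enough: the signature must also verify on disk.
  if [ "$status" = apple-chain ] &&
     ! codesign --verify --deep --strict "$1" 2>/dev/null; then
    status=invalid
  fi
  echo "$status"
}

# macOS only: list every bundle in a directory with its status,
# e.g. `audit_dir /Applications | grep -v '^apple-chain'`.
audit_dir() {
  local app
  for app in "$1"/*.app; do
    [ -d "$app" ] || continue
    printf '%s\t%s\n' "$(check_app "$app")" "$app"
  done
}

# Constructed sample outputs so the classifier can be tried offline.
SAMPLE_UNSIGNED='/Applications/Example.app: code object is not signed at all'
SAMPLE_SIGNED='Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'
```

A result other than `apple-chain` is a reason to look more closely at where the bundle came from, not proof of infection.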