
New & Dangerous Mac Malware For OS X Discovered

The malware’s technical name is Backdoor.MAC.Eleanor, and its creators are distributing it to victims as EasyDoc Converter, a Mac app that lets users convert files by dragging them over a small window. The malware “exposes Apple systems to cyber-espionage and full, clandestine control from malicious third-parties”, the security firm warned. While the real app is meant to convert files into documents that can be opened and read with Microsoft Word, the fake app instead quietly downloads a malicious script when executed.


If the code is executed, it downloads and installs the backdoor component, called icloudsyncd, which connects to a command-and-control channel over the Tor anonymity network.

The PHP web service is the receiving end of that connection. It is also tasked with interpreting the commands it receives from the crook’s control panel for the local Mac operating system.

This component gives the attacker full control over the infected machine.

The three LaunchAgents files activate a Tor hidden service, a web service and a Pastebin agent, according to Bitdefender.

But the malware also has a nasty secondary objective in that it can capture video and images from the infected system’s webcam, using a tool called “wacaw”.

The Pastebin agent takes the system’s .onion URL, encrypts it with an RSA public key and posts it on Pastebin, where attackers can find it and use it.

Bitdefender says that every infected machine has a unique Tor address that the attacker uses to connect and download the malware.
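The LaunchAgents described above are something a defender can audit directly. The following is an added example, not code from the article or from Bitdefender: it parses LaunchAgent plists and flags any that reference the names the article gives (icloudsyncd, wacaw, EasyDoc Converter). The check for a binary named `tor` is an assumption about how a hidden service would be started, and the sample plists are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Names taken from the article; matching on them is a heuristic, not a signature.
PAGE_INDICATORS = ("icloudsyncd", "wacaw", "easydoc converter")

# Constructed sample plists (labels and paths are made up for this example).
SAMPLE_SUSPECT = plistlib.dumps({
    "Label": "com.example.constructed.sync", "RunAtLoad": True,
    "ProgramArguments": ["/Users/test/Library/.hidden-example/icloudsyncd"]})
SAMPLE_TOR = plistlib.dumps({
    "Label": "com.example.constructed.hs",
    "ProgramArguments": ["/Users/test/Library/.hidden-example/tor",
                         "-f", "/Users/test/torrc"]})
SAMPLE_BENIGN = plistlib.dumps({
    "Label": "com.example.constructed.updater",
    "Program": "/Applications/Example.app/Contents/MacOS/updater"})

def launch_agent_command(plist_bytes):
    """Return (label, argv) for a LaunchAgent plist in XML or binary form."""
    data = plistlib.loads(plist_bytes)
    args = list(data.get("ProgramArguments", []))
    if not args and "Program" in data:
        args = [data["Program"]]
    return str(data.get("Label", "")), [str(a) for a in args]

def flag_agent(plist_bytes):
    """Return a sorted list of reasons this agent deserves a closer look."""
    try:
        label, args = launch_agent_command(plist_bytes)
    except Exception:
        return ["unparseable plist"]  # malformed agents are worth a look too
    haystack = " ".join([label] + args).lower()
    reasons = {f"references '{ind}'" for ind in PAGE_INDICATORS if ind in haystack}
    # Assumption: a per-user agent launching a binary named "tor" is unusual.
    if any(Path(a).name.lower() == "tor" for a in args):
        reasons.add("launches a tor binary")
    return sorted(reasons)

def scan(directory=Path.home() / "Library" / "LaunchAgents"):
    """Map plist file name -> reasons for every flagged agent in a directory."""
    if not directory.is_dir():
        return {}
    hits = {p.name: flag_agent(p.read_bytes()) for p in sorted(directory.glob("*.plist"))}
    return {name: why for name, why in hits.items() if why}

if __name__ == "__main__":
    for name, why in scan().items():
        print(name, "->", ", ".join(why))
```

A hit means the agent should be inspected by hand; an empty result does not show the machine is clean, since a renamed binary would not match.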

Such an app could allow an attacker to lock you out of your laptop, make it part of a botnet so it can carry out attacks on other devices, or demand money from someone for the return of private files.


Releasing the malware is as easy as installing the “EasyDoc Converter.app” onto your Mac desktop or laptop. As a safety precaution, Bitdefender recommends downloading applications exclusively from reputable websites, and using a security solution for Apple devices to fend off Mac-targeting malware and other specific threats. “The possibilities are endless.”
