Security researchers at Bitdefender have found new malware that targets Macs. The malware is called Eleanor, and it can do a lot of damage: attackers gain access to your files and your webcam, and the ability to execute code.
Eleanor comes disguised as a drag-and-drop file converter called ‘EasyDoc Converter’. Once installed, the application runs a malicious script that opens a backdoor connection to a command and control web server via the encrypted Tor network. This lets attackers manipulate files, execute commands and scripts, and send emails with attachments. It also gives attackers access to your webcam, with the ability to capture videos and images.
Bitdefender warns that with this malware an attacker could “lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices.”
Am I infected?
The good news about this malware is that you’re only at risk if you have downloaded ‘EasyDoc Converter’ and installed it on your Mac.
The other good news is that by default, Macs have an extra security feature called Gatekeeper which stops unsigned applications from unidentified developers from running. So unless you disabled Gatekeeper and installed ‘EasyDoc Converter’ you should be safe.
My Mac's infected, what now?
OK, so if you did turn off Gatekeeper and installed the application, you definitely have Eleanor on your Mac. If you still have access to your Mac, you need to quickly download a good antivirus (Malwarebytes and Sophos have both already been updated to detect Eleanor), run a scan and delete any associated files.
How can I stop this from happening again?
Make sure that Gatekeeper is set to only allow applications from the Mac App Store and identified developers. You should never install applications from an untrusted source.
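As a first check of the two conditions described above (Gatekeeper switched off, and ‘EasyDoc Converter’ present on the Mac), here is a small script added as an example; it is not from Bitdefender or Apple. It assumes the app bundle is named "EasyDoc Converter.app" and that it would sit in one of the usual folders, and it does not replace the antivirus scan.

```shell
#!/bin/sh
# Added example. Assumption: the bundle is named after the app in the article.
APP_BUNDLE="EasyDoc Converter.app"

# Map the text printed by `spctl --status` to enabled / disabled / unknown.
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *)                        echo unknown ;;
  esac
}

# Print the path of every copy of the bundle under the given folders.
# Folders that do not exist are skipped; unreadable ones are ignored.
find_easydoc() {
  for dir in "$@"; do
    [ -d "$dir" ] || continue
    find "$dir" -maxdepth 3 -type d -name "$APP_BUNDLE" -prune -print 2>/dev/null || true
  done
}

# Combine both checks: the app being present outweighs the Gatekeeper setting.
assess() {
  if [ -n "$2" ]; then
    echo app-found
  elif [ "$1" != enabled ]; then
    echo gatekeeper-off
  else
    echo ok
  fi
}

scan() {
  gk="$(gatekeeper_state "$(spctl --status 2>&1 || true)")"
  hits="$(find_easydoc /Applications "$HOME/Applications" "$HOME/Downloads" "$HOME/Desktop")"
  echo "Gatekeeper: $gk"
  if [ -n "$hits" ]; then printf 'Found:\n%s\n' "$hits"; fi
  echo "Result: $(assess "$gk" "$hits")"
}

# Run the scan only when asked, e.g.: sh check_eleanor.sh --scan
if [ "${1:-}" = "--scan" ]; then scan; fi
```

A result of `app-found` means the scan-and-delete steps above apply; `gatekeeper-off` means the setting should be changed back as described here.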
Hackers are getting smarter and smarter, and cases of malware like Eleanor and Cryptolocker are on the rise. Once they have access to your data they can demand payment or threaten to destroy all your files. This is particularly dangerous if you have any business-related data on your device. Our advice is to always follow the guidelines we’ve set out above and make sure you have a current Disaster Recovery Plan in place for your business.