Mac malware Eleanor hijacks your local files and email

Malicious code masquerades as file converter

Cyber security skull

New Mac malware that locks people's files and recruit their laptops for botnets has been discovered by cybersecurity researchers.

The malware, known as Backdoor.MAC.Eleanor', was uncovered by Bitdefender, and it is the second bug found to specifically target the Mac OS X  the first being KeRanger ransomware, which was discovered in March.

Bitdefender found Eleanor available on the busy software portal, MacUpdate, masquerading as a free app called EasyDoc Converter'. It claimed to convert a user's FreeOffice and SimpleStats docs to Microsoft Office (.docx) files, but performed no such action when it was run.

Instead, it offered hackers a way to blackmail users and take control of their devices.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, technical leader of Bitdefender Antimalware Lab.

"For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices."

MacUpdate has since blocked the software on its site. Also, the app has not been issued with a certificate assigned to a registered Apple developer. For Mac users, this means it will be slightly tougher for them to be exposed to the malware, as, by default, Mac OS X does not open or install uncertified apps. However, committed users can bypass the security measure.

When the app is run, it first checks for the presence of online check-in masker, Little Snitch. If this app is not found, it then downloads malicious code onto the user's computer.

The malware installs three Mac LaunchAgents in the user's home folder, as well as a hidden folder with executable files.

The LaunchAgents files are named as Dropbox fragments, and include:

Advertisement - Article continues below

~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist

~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist

~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist

~/Library/.dropbox/

Advertisement
Advertisement - Article continues below

The three LaunchAgents files activate a Tor hidden service, a web service and a Pastebin agent, according to Bitdefender.

The Pastebin agent lists a victim's Tor address to the Pastebin text repository, where it could be retrieved by attackers.

Advertisement - Article continues below

Hackers using the Eleanor malware can access a computer's file system and administrator database, remotely execute script, and hijack email and email attachments.

Bitdefender's report claims the first upload to Pastebin by this malware occurred on 19 April the malware appears to have been listed on MacUpdate since 16 March.

Advice from cybersecurity firms is to download applications from reputable websites or directly from the developer, and avoid old or abandoned apps.

Featured Resources

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

6 ways your business could suffer if you don’t backup Office 365

Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for good

Download now

Get the best out of your workforce

7 steps to unleashing their true potential with robotic process automation

Download now

8 digital best practices for IT professionals

Don't leave anything to chance when going digital

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

3 Sep 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/policy-legislation/data-protection/354814/google-to-shift-uk-user-data-to-the-us-post-brexit
data protection

Google to shift UK user data to the US post-Brexit

20 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020