
Tuesday, July 12, 2016

How to find out if your Mac is infected with Backdoor.MAC.Eleanor


Malware – Backdoor MAC Eleanor


Bitdefender recently announced that its researchers had found new malware that targets Macs. The malware is referred to as Backdoor MAC Eleanor and has the potential to compromise your system completely. While the malware is present, attackers can steal files, execute code, control the webcam and much more. Hackers regularly look for the exploits that meet the least resistance, and in several cases users are caught unaware.

It comes packaged inside what appears to be a legitimate file converter application known as EasyDoc Converter, but the application does not actually work. Once it is installed, it runs a malicious script that installs a Tor hidden service, enabling attackers to remotely access and control the infected machine.

The script sets up a web service that gives attackers the ability to manipulate files, access a list of running processes and applications, execute commands and scripts, and send emails with attachments. The malware also uses a tool known as 'wacaw', which enables an attacker to capture videos and images using the built-in webcam.

Packaged in EasyDoc Converter Application


Bitdefender cautions that, using this software, an attacker could lock you out of your laptop, threaten to blackmail you to restore your private files, or turn your laptop into part of a botnet to attack other devices. Since the malware has only been discovered packaged in the EasyDoc Converter application, the user needs to download the application, install it and run it for the machine to be affected.

An extra security measure on Macs known as Gatekeeper, located in System Preferences under Security & Privacy, could be helpful. By default, it stops unsigned applications from unidentified developers from running. If you download an unsigned application from outside the Mac App Store and try to run it, you will see a prompt stating that the application can't be opened.

If you download the application and have not disabled Gatekeeper, a prompt will appear when you attempt to run it. In order to open the app, you would have to intentionally override the security settings to run the application the first time.

Malwarebytes/Sophos – Detect Backdoor MAC Eleanor


Your Mac will not be infected with the Backdoor MAC Eleanor malware if you have not downloaded the application or did not bypass the Gatekeeper setting in order to run it. On the contrary, if you did either, your Mac could likely have been infected. If you still have access to your Mac, Malwarebytes and Sophos have already been updated to detect Backdoor MAC Eleanor, and other anti-virus software that scans for malware should soon follow.

To free your Mac of the malware, you can download the Malwarebytes Anti-Malware application for Mac or Sophos Home and run a scan immediately, deleting any related files. To avoid such situations in the future, ensure that Gatekeeper settings are set to permit only applications from the Mac App Store and identified developers. If it is essential to install an application from an unidentified developer, ensure that it is from a trusted source.
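The checks described above can be scripted. The following is an added example, not code from Bitdefender or from the original post: it reports the Gatekeeper state, looks for a bundle named after EasyDoc Converter, and lists running `tor` or `wacaw` processes. The `.app` bundle name and the directories searched are assumptions, since the article gives no file paths.

```shell
#!/bin/sh
# Added example: triage checks built only from details named in the article.

# Classify the text printed by `spctl --status` (passed as $1).
gatekeeper_state() {
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

# Print app bundles named after the trojanised converter under the given dirs.
# Assumption: the bundle is called "EasyDoc Converter*.app" (article's app name).
find_easydoc() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -maxdepth 3 -type d -iname 'EasyDoc Converter*.app' 2>/dev/null
    done
}

# Read "PID /path/to/executable" lines on stdin and print those whose
# executable basename is tor or wacaw, the two tools the article mentions.
suspect_processes() {
    awk '{ line = $0
           sub(/^[ \t]*[0-9]+[ \t]+/, "", line)   # drop the PID column
           n = split(line, parts, "/")
           base = tolower(parts[n])
           if (base == "tor" || base == "wacaw") print }'
}

main() {
    echo "Gatekeeper: $(gatekeeper_state "$(spctl --status 2>&1)")"
    echo "Bundles named EasyDoc Converter:"
    # Assumed search locations; adjust to where downloads are kept.
    find_easydoc /Applications "$HOME/Applications" "$HOME/Downloads" "$HOME/Desktop"
    echo "Running tor/wacaw processes:"
    ps -axo pid= -o comm= | suspect_processes
}

# Only run the live checks on macOS, where spctl exists.
if [ "$(uname -s)" = "Darwin" ]; then
    main
fi
```

A match is a reason to run one of the scanners named above, not proof of infection: Tor and wacaw are also installed legitimately.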