New Mac Malware Backdoor.MAC.Elanor: Steal Data, Execute Code, Control Webcam

Well, it is finally here … a piece of Mac malware dubbed Backdoor.MAC.Elanor. This malware is embedded in a fake file converter application. Once a machine is infected, the attackers can steal data, control the camera and so on. The original post can be found HERE.

After the first ever example of Mac ransomware was found in the wild earlier this year, Bitdefender Labs has found what it tells us is only the second example of true Mac malware to enter circulation this year, which it has dubbed Backdoor.MAC.Elanor. The app is available on a number of (formerly?) reputable download sites such as MacUpdate.

The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.

This is a nasty backdoor that can steal data, execute remote code and access the webcam, among other things …

Malwarebytes director Thomas Reed has reportedly advised MacUpdate that the malware is present on its site, but as of the time of writing it had not yet been removed.

Bitdefender’s technical lead Tiberius Axinte says that there is no real limit to what Backdoor.MAC.Elanor can do.

This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system. For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.

The good news is that the malicious app is not signed by an Apple Developer ID, so as long as you have your Mac set only to open apps from the Mac App Store or known developers, it won’t open. It does, though, emphasize the importance of exercising caution even when downloading apps from reputable sites.
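The check described above can be run by hand with the stock macOS tools `spctl` and `codesign`. The script below is an added example, not code from the original post or from Bitdefender; the function names are illustrative, and it goes slightly beyond the single app named here by sweeping every `.app` bundle in a folder and listing those that the Gatekeeper policy would not allow.

```shell
#!/bin/sh
# Added example (not from the original post): Gatekeeper triage for app bundles.
# Function names are hypothetical; spctl and codesign are the stock macOS tools.
# Usage: sh gatekeeper_triage.sh ~/Downloads

# Succeeds if Gatekeeper assessments are switched on system-wide.
gatekeeper_enabled() {
    spctl --status 2>&1 | grep -q 'assessments enabled'
}

# Prints one verdict for the bundle given as $1:
#   allowed  - the current Gatekeeper policy accepts it
#   unsigned - it carries no code signature at all (the Elanor dropper's case)
#   rejected - it is signed, but the policy still refuses it
app_verdict() (
    app=$1
    if spctl --assess --type execute "$app" >/dev/null 2>&1; then
        echo allowed
    elif codesign -dv "$app" 2>&1 | grep -q 'not signed at all'; then
        echo unsigned
    else
        echo rejected
    fi
)

# Lists every .app bundle directly under $1 that is not allowed, as
# "verdict<TAB>path". Paths are quoted throughout, so bundle names with
# spaces such as "EasyDoc Converter.app" are handled correctly.
scan_dir() (
    dir=$1
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue
        verdict=$(app_verdict "$app")
        [ "$verdict" = allowed ] || printf '%s\t%s\n' "$verdict" "$app"
    done
)

# Stand-alone use: warn if Gatekeeper is off, then sweep the given folder.
if [ "$#" -gt 0 ]; then
    gatekeeper_enabled || echo "warning: Gatekeeper assessments are disabled" >&2
    scan_dir "$1"
fi
```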

Bitdefender has promised more technical details of the malware later this morning.
