New malware exposes Macs to full concealed control


By Dylan Bushell-Embling
Thursday, 07 July, 2016



Newly discovered malware exposes Mac systems to cyber espionage and full concealed control by attackers.

The malware strain, discovered by Bitdefender researchers and dubbed Backdoor.MAC.Elanor, embeds a backdoor into a fake file converter application accessible on reputable sites offering Mac software.

EasyDoc Converter.app poses as a drag-and-drop file converter but has no legitimate functionality, Bitdefender researchers have shown. Its true purpose is to infect Mac systems by downloading a malicious script.

The script installs and registers components including a Tor hidden service that allows attackers to anonymously access a command-and-control centre via a local web service.

This gives attackers full control over the infected machine, including the ability to view, edit, rename, delete, upload and download files.

Attackers can also execute commands and scripts, remotely execute root commands, send emails with attached files, access a list of all tasks running on the system, probe any installed firewalls for vulnerabilities and even capture images and videos from built-in webcams.

“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” Bitdefender Antimalware Lab technical leader Tiberius Axinte said.

“For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”

The app is not digitally signed by Apple, and antivirus programs for Mac systems can help defend against such attacks, he said.




  • All content Copyright © 2024 Westwick-Farrow Pty Ltd