Internet security software company Bitdefender’s research lab has disclosed new Mac malware called Backdoor.MAC.Eleanor, which grants attackers full access to Mac systems.
The application name is EasyDoc Converter.app, and its main functionality should be to convert documents, but it does anything but that. Instead, it silently installs a backdoor in the system that gives the attacker full access to the operating system, including file explorer, shell execution, webcam image and video capture, and more. The application is created using Platypus, a tool used for creating native Mac apps from shell, Perl, Python or Ruby scripts (http://sveinbjorn.org/platypus). The application looks like a converter where you can drop files, but it has no real functionality.
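Because a Platypus-built app is a wrapper around a script, the script it would run can be located and read before the app is ever opened. The following is an added example, not code from Bitdefender or from the original article; it assumes the bundle layout Platypus produces (`Contents/Resources/script` next to `AppSettings.plist`), and the sample bundles and the `ExampleSetting` key are constructed for the demo.

```python
import plistlib
import tempfile
from pathlib import Path

def inspect_bundle(app):
    """Describe one .app bundle; flags the script-wrapper layout, not malice."""
    res = Path(app) / "Contents" / "Resources"
    script, settings = res / "script", res / "AppSettings.plist"
    info = {"bundle": Path(app).name, "script_wrapper": False,
            "interpreter": None, "script_path": None, "settings_keys": []}
    if not (script.is_file() and settings.is_file()):
        return info  # assumed Platypus layout not present
    info["script_wrapper"] = True
    info["script_path"] = str(script)
    with script.open("rb") as fh:
        first = fh.readline().decode("utf-8", "replace").strip()
    if first.startswith("#!"):
        info["interpreter"] = first[2:].strip()
    try:
        with settings.open("rb") as fh:
            loaded = plistlib.load(fh)
        if isinstance(loaded, dict):
            info["settings_keys"] = sorted(loaded)
    except Exception:
        pass  # unreadable settings file: keep the layout finding anyway
    return info

def scan(root):
    """Inspect every *.app directory below root and return the wrappers found."""
    found = []
    for app in sorted(Path(root).rglob("*.app")):
        if app.is_dir():
            result = inspect_bundle(app)
            if result["script_wrapper"]:
                found.append(result)
    return found

def build_constructed_samples(root):
    """Create two constructed bundles for the demo: one wrapper, one plain app."""
    wrapper = Path(root) / "Sample Wrapper.app" / "Contents" / "Resources"
    wrapper.mkdir(parents=True)
    (wrapper / "script").write_text("#!/bin/bash\necho 'constructed sample'\n")
    with (wrapper / "AppSettings.plist").open("wb") as fh:
        plistlib.dump({"ExampleSetting": True}, fh)  # constructed key
    plain = Path(root) / "Plain.app" / "Contents" / "MacOS"
    plain.mkdir(parents=True)
    (plain / "Plain").write_bytes(b"\xcf\xfa\xed\xfe")  # stand-in for a native binary

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_samples(tmp)
        for hit in scan(tmp):
            print(hit["bundle"], hit["interpreter"], hit["script_path"])
```

A hit is not a verdict, since legitimate utilities are also built with Platypus; the point is to read the file at `script_path` and see whether it does what the app claims to do.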
EasyDoc Converter was previously available on software download website MacUpdate, but the app was removed by 5th July 2016. It may remain available for download elsewhere online. The app was never available through the Mac App Store.
The most important and obvious preventative measure is to avoid downloading “EasyDoc Converter.app” from any source. Installing unfamiliar apps from unidentified developers is almost always a security risk. Apple’s default Gatekeeper security settings already prevent EasyDoc Converter from opening, unless you ignore the warning dialog and proceed to manually open the app under System Preferences > Security & Privacy.
Mac users can also download a trusted anti-malware app such as BlockBlock, which continually monitors common persistence locations and displays an alert whenever a persistent component is added to the system. Users who have already installed EasyDoc Converter can download the anti-malware software Malwarebytes, which has already been updated to detect and remove Backdoor.MAC.Eleanor.