IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Mac malware Eleanor hijacks your local files and email

Malicious code masquerades as file converter

Cyber security skull

New Mac malware that locks people's files and recruit their laptops for botnets has been discovered by cybersecurity researchers.

The malware, known as Backdoor.MAC.Eleanor', was uncovered by Bitdefender, and it is the second bug found to specifically target the Mac OS X  the first being KeRanger ransomware, which was discovered in March.

Bitdefender found Eleanor available on the busy software portal, MacUpdate, masquerading as a free app called EasyDoc Converter'. It claimed to convert a user's FreeOffice and SimpleStats docs to Microsoft Office (.docx) files, but performed no such action when it was run.

Instead, it offered hackers a way to blackmail users and take control of their devices.

"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, technical leader of Bitdefender Antimalware Lab.

"For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices."

MacUpdate has since blocked the software on its site. Also, the app has not been issued with a certificate assigned to a registered Apple developer. For Mac users, this means it will be slightly tougher for them to be exposed to the malware, as, by default, Mac OS X does not open or install uncertified apps. However, committed users can bypass the security measure.

When the app is run, it first checks for the presence of online check-in masker, Little Snitch. If this app is not found, it then downloads malicious code onto the user's computer.

The malware installs three Mac LaunchAgents in the user's home folder, as well as a hidden folder with executable files.

The LaunchAgents files are named as Dropbox fragments, and include:

~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist

~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist

~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist

~/Library/.dropbox/

The three LaunchAgents files activate a Tor hidden service, a web service and a Pastebin agent, according to Bitdefender.

The Pastebin agent lists a victim's Tor address to the Pastebin text repository, where it could be retrieved by attackers.

Hackers using the Eleanor malware can access a computer's file system and administrator database, remotely execute script, and hijack email and email attachments.

Bitdefender's report claims the first upload to Pastebin by this malware occurred on 19 April the malware appears to have been listed on MacUpdate since 16 March.

Advice from cybersecurity firms is to download applications from reputable websites or directly from the developer, and avoid old or abandoned apps.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022