Mac malware Eleanor hijacks your local files and email
Malicious code masquerades as file converter

New Mac malware that locks people's files and recruit their laptops for botnets has been discovered by cybersecurity researchers.
The malware, known as Backdoor.MAC.Eleanor', was uncovered by Bitdefender, and it is the second bug found to specifically target the Mac OS X the first being KeRanger ransomware, which was discovered in March.
Bitdefender found Eleanor available on the busy software portal, MacUpdate, masquerading as a free app called EasyDoc Converter'. It claimed to convert a user's FreeOffice and SimpleStats docs to Microsoft Office (.docx) files, but performed no such action when it was run.
Instead, it offered hackers a way to blackmail users and take control of their devices.
"This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, technical leader of Bitdefender Antimalware Lab.
"For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices."
MacUpdate has since blocked the software on its site. Also, the app has not been issued with a certificate assigned to a registered Apple developer. For Mac users, this means it will be slightly tougher for them to be exposed to the malware, as, by default, Mac OS X does not open or install uncertified apps. However, committed users can bypass the security measure.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
When the app is run, it first checks for the presence of online check-in masker, Little Snitch. If this app is not found, it then downloads malicious code onto the user's computer.
The malware installs three Mac LaunchAgents in the user's home folder, as well as a hidden folder with executable files.
The LaunchAgents files are named as Dropbox fragments, and include:
~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist
~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist
~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist
~/Library/.dropbox/
The three LaunchAgents files activate a Tor hidden service, a web service and a Pastebin agent, according to Bitdefender.
The Pastebin agent lists a victim's Tor address to the Pastebin text repository, where it could be retrieved by attackers.
Hackers using the Eleanor malware can access a computer's file system and administrator database, remotely execute script, and hijack email and email attachments.
Bitdefender's report claims the first upload to Pastebin by this malware occurred on 19 April the malware appears to have been listed on MacUpdate since 16 March.
Advice from cybersecurity firms is to download applications from reputable websites or directly from the developer, and avoid old or abandoned apps.
-
Blackouts in Spain and Portugal could be a cyber attack
Both countries are "paralyzed" by nationwide power outages
By Jane McCallion
-
Cisco takes aim at AI security at RSAC with ServiceNow partnership
News The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
By Jane McCallion
-
Apple-certified ransomware affected fewer than 7,000 computers
News Downloads of KeRanger-infected Transmission BitTorrent client less widespread than feared
By Jane McCallion
-
Shellshock: Apple rolls out OS X patches for Bash bug
News “Safe by Default” Macs get patched just in case
By Rene Millman
-
Adobe unveils Flash Player security update
News Software vendor to plug security holes in media player with latest product update.
By Rene Millman
-
Mac OS X Lion password-changing flaw uncovered
News Changing passwords looks awfully simple for anyone who has acquired access to a Mac OS X Lion machine.
By Tom Brewster
-
Mac Defender threat is ‘no surprise’
News Macs are being increasingly targeted by cyber criminals looking to dupe users into parting with their cash.
By Tom Brewster
-
Mac OS X gets first ever crimeware kit
News Mac OS X users are being targeted by the first ever crimeware created for the operating system.
By Tom Brewster
-
Apple admits anti-virus need for Mac OS
News Mac users may think they are safe, but Apple admits that users should be running anti-virus software on their systems.
By Asavin Wattanajantra