The application for Mac "EasyDoc Converter" installs a wide range of malware on the computer of the victim. The explanation is not signed by Apple, which means that the Gatekeeper tool macOS should adequately protect users with default settings. Bitdefender researchers published an analysis detailing malware package, calling him "Backdoor.MAC.Eleanor."
The malware is hidden inside a false converter application file called "EasyDoc Converter.app." Once users install the non-functional software, download a malicious script.
After installing the application, a number of tools that can access the camera FaceTime, download files, execute commands and even send emails with attachments is obtained.
Remote access FaceTime camera is possible through an access tool to the open source camera known as "wacaw". The EasyDoc converter also includes a Tor hidden service, allowing attackers to remotely control the machine.
However, users who have the security package Gatekeeper Apple enabled on your Mac, would be protected.
In addition, an application monitoring Internet as Little Snitch can be used to monitor and block incoming and outgoing transmissions. In addition, similar utilities to "BlockBlock" Patrick Wardle can prevent the installation of components such as persistent malware.
Today's news about malware "Backdoor.MAC.Eleanor" is the second specific discovery of OS X in 2016. In March, a fake version of BitTorrent client "Transmission" was uploaded to the repository and file was downloaded about 6,500 times in his brief availability.
With regard to the installation of Backdoor.Mac.Eleanor, the computer forensics expert Jonathan Zdziarski said the malware "package could be serious for users who did run the program, but of course the lesson is that you should be careful what that is installed on your computer. "