What Mac users need to know about ‘Backdoor.MAC.Eleanor’

“Internet security software company Bitdefender’s research lab has disclosed new malware targeting Macs called Backdoor.MAC.Eleanor,” Joe Rossignol reports for MacRumors.

“Backdoor.MAC.Eleanor is new macOS malware arising from a malicious third-party app called EasyDoc Converter, which poses as a drag-and-drop file converter,” Rossignol reports. “EasyDoc Converter was previously available on software download website MacUpdate, but the app was removed by July 5. It may remain available for download elsewhere online. The app was never available through the Mac App Store.”

Rossignol reports, “Apple’s default Gatekeeper security settings already prevent EasyDoc Converter from opening, unless you ignore the warning dialog and proceed to manually open the app under System Preferences > Security & Privacy.”

Much more in the full article here.

MacDailyNews Take: Another point in Gatekeeper’s favor. As Rossignol writes, installing unknown apps from unidentified developers is almost always a security risk.

SEE ALSO:
New Mac malware in the wild: ‘Backdoor.MAC.Elanor’ can control FaceTime camera, steal data, more – July 6, 2016
Security experts: Apple did OS X Mountain Lion’s Gatekeeper right – February 16, 2012
OS X Mountain Lion’s Gatekeeper slams the door on Mac trojans – February 16, 2012

24 Comments

  1. That’s the usual difference between Windows and Mac malware. Windows: visit the wrong website, you’re owned. Mac: You have to download dodgy software and ignore your Mac when it begs you not to run it.

    ——RM

  2. That can happen with a Mac too, You just need a Vul like you did in Windows. Organized crime has not taken on the Mac yet. BUT for now, as a OS X malware writer, why spend the time on it when the next day or two or three you release your payload and every Mac malware researcher and AV company in the world is looking for it. You time to reward ratio is WAY off and not in their favor.

    Code is code and OS X is 1/3 larger then Windows and it is less secure(El Captain) then Windows 10. We will have to see how the MacOS is as far as stepping security up another 2 notches to be equal with Windows 10 security.

    .

      1. Exactly, who is TED and what rock has he been living under. Windows 10 is more secure than Mac OS? Dude you are a classic case of Stockholm syndrome.

    1. Prove it. Prove with a technical article + list of active/in the wild malware by OS comparison.

      Unless Windows is rewritten from the ground up and does away (completely) with legacy crap code, it can never be more secure. Even in a locked down windows machine (as in no privileges..not even right click), all it takes is a control alt delete, task manager, run explorer.exe ..to own a PC.

    2. This English-as-a-second-language ‘TED’ person is clearly NOT a Mac users.

      One of the big fat reasons why malware writers rarely bother with Macs is:

      XProtect. It’s been built into OS X (macOS) since 10.6 Snow Leopard. Apple quickly ID active malware, created a malware signature and stream it out to ever Mac on the Internet. I fully expect OSX.Trojan.Eleanor.A (the proper name for it) to be blocked by tomorrow (July 7).

      That means the period of exploitation of Macs is TINY. Compare that to the STUPID system Microsoft uses where a malware writer has as long as a MONTH of Windows exploitation, thanks to the IDIOTIC ‘Second Tuesday Of The Month’ Windows update system, which is NOT automatic if the user so chooses. Malware writers love it!

      IOW: Thank Apple for their (admittedly intermittent) attention to user security.

      Now if only Apple would turn ON the macOS firewall BY DEFAULT with every OS installation. Beats the hell out of my why they didn’t start doing so a decade ago. IOW: Apple is never perfect, just better than anything else around.

        1. Thank you anonymous coward for pointing out my typo. Be sure to never make them yourself or some dick like you will jump on your back and exercise a reflection of their own self-loathing on you. *yawn*

          Oh and yeah: It sure would be nice if WordPress allowed editing of one’s comments. But it doesn’t.

          1. jß has been around for a while, DC. He may not be registered or logged into his account, but he is not your typical anonymous poster on this forum.

            He has a good point, too. It was rather funny that your very first sentence bashing poor grammar contained a grammar error!

            It seems to me that you have been more aggressive in your recent posts. You used to focus more on the topic and the facts. Now you tend to focus on the verbal attack. Your response to jß was a bit over the top, I think…

    3. Malware on the Mac will never reach the technical threat level it has on Windows. The reason being that there are easier ways to reach the goals you want as criminal. Why develop malware when you can abuse a service that the users sign up themselves?

  3. You bet user experience is far superior with OS X. I have 5 Macs, 3 iPad, 3 iPhones, 4 Linux boxes and 2 Bootcamped W10.

    Any corporate pen tester will tell you that OS X is noting to get into. Doesn’t have to “be in the wild”. Current Mac malware that we see is kid stuff. Follow corporate pentester who spend their days breaking into corporate networks. Don’t listen to fanboyisum crowd think.

    And you don’t think the EXACT right click and “pwnd” can’t happen to OS X? Clueless. The OS has never been vetted by pro level hackers OS X is not OpenBSD or a re imaging Chrome OS. OS X is an unvetted OS. “Security through obscurity”.

    There are a large amount of zerodays on OS X that people are just keeping in the pentesting community. Why sell them…….not much money being offered yet. Because OS X is skating by with “security through obscurity”.

    Why spend a month or two writing an exploit for OS X when 2 days later the whole worlds malware researchers and AV companies are all over the exploit code reverse engineering it. The cost for effort ratio is too great. Why waste your time, when you can get a month or so out of a code base the hacker knows like a second language. The malware writers are smart, not worth the time. There is no “fog of war” like Windows malware is peppering the average user. It’s a fricken business model that works extremely well.

    A known, famous, OS X malware researcher says ………. starting at 42:00 mins on the first link. It takes 3 mins . Then watch the rest of them.

    6 mins below.

    This one has a ton of conference background noise but they are talking about a OS X dropper that you do not think exists. He even said this one is simplistic for the most part.

    So we are suppose to believe Apple forum fanboy’s that OS X is so secure. Do YOU hack computers 8 to 12 hours a day? Start following the pros that hack legally or semi legally.

    1. Yet, in spite of all your examples and contemptuous text, in the real world of everyday use Mac have had little action in the wild. It’s like you’re using stuff that can be done in a tech lab as if it applied anywhere else but there.

    2. TED, no one is claiming that OS X is impervious to attack. But your insistence on repeating “security through obscurity” (STO) is telling, because OS X and is relatives on the iPhone/iPad, AppleTV, and Apple Watch are far from obscure. You may have had a point in the mid-1990s to the early 2000s, but Macs have sold very well over the past decade plus and are well-represented in the corporate world, especially at the upper levels that hackers love to target. So that STO mantra is old…very old.

      In the end, I care about real-world results, and those results tell me that I am far safer on a Mac than a PC. I have owned both and used both at home and at work, and I choose the Mac. If you think so poorly of the Mac, why do you even bother with the MDN site, much less taking the time to post long-winded BS?

  4. You bet user experience is far superior with OS X. I have 5 Macs, 3 iPad, 3 iPhones, 4 Linux boxes and 2 Bootcamped W10.

    Any corporate pen tester will tell you that OS X is noting to get into. Doesn’t have to “be in the wild”. Current Mac malware that we see is kid stuff. Follow corporate pentester who spend their days breaking into corporate networks. Don’t listen to fanboyisum crowd think.

    And you don’t think the EXACT right click and “pwnd” can’t happen to OS X? Clueless. The OS has never been vetted by pro level hackers OS X is not OpenBSD or a re imaging Chrome OS. OS X is an unvetted OS. “Security through obscurity”.

    There are a large amount of zerodays on OS X that people are just keeping in the pentesting community. Why sell them…….not much money being offered yet. Because OS X is skating by with “security through obscurity”.

    Why spend a month or two writing an exploit for OS X when 2 days later the whole worlds malware researchers and AV companies are all over the exploit code reverse engineering it. The cost for effort ratio is too great. Why waste your time, when you can get a month or so out of a code base the hacker knows like a second language. The malware writers are smart, not worth the time. There is no “fog of war” like Windows malware is peppering the average user. It’s a fricken business model that works extremely well.

    A known, famous, OS X malware researcher says ………. starting at 42:00 mins on the first link. It takes 3 mins . Then watch the rest of them.

    6 mins below.

    This one has a ton of conference background noise but they are talking about a OS X dropper that you do not think exists. He even said this one is simplistic for the most part.

    So we are suppose to believe Apple forum fanboy’s that OS X is so secure. Do YOU hack computers 8 to 12 hours a day? Start following the pros that hack legally or semi legally.

  5. Seriously, people. Mac OS X versus Windows IS NOT Android versus iOS. Android is less secure than iOS because it was thrown together as quickly as possible by Google so they could beat Microsoft to the market. (This is also why Android has notorious performance problems.) The issues with its basic architecture will never be fixed unless Google sacrifices backwards compatibility, which is impossible due to fragmentation and update issues. Google engineers will privately tell you that they prefer Chrome OS to Android.

    Windows is a whole different animal. It’s problem was that it was originally built on technology that existed before and did not anticipate open networking. (This is in comparison with UNIX and UNIX-like systems, which have always been used for networking, even before “the Internet” existed.) We are talking about MS-DOS, and then Windows which was basically MS-DOS with a GUI. Even after Internets, LANs, WANs became common, most of the security problems – and the reasons for them – were unanticipated, and a lot of it was inherent to the programming languages that everyone used to build applications back then. However, eventually starting with Windows 7 Microsoft did begin moving away from the MS-DOS guts and began to design and integrate security features into the core of the product. Windows 10 is actually secure enough to where one doesn’t need an antivirus suite, which has resulted in the antivirus companies’ doing all the fearmongering that they can in order to drive up business.

    As far as OS X security goes … look. For years I was told that Linux was inherently secure; no need for antivirus. (One of the reasons why I switched from Windows to Fedora back when the Windows virus thing was really bad. Microsoft actually took steps to make it much harder to dual boot into or replace the OS with Linux in response, and they claimed that it was “for security.”) Then, while researchers were looking into the tons of security issues in Android (which is Google’s own Linux distro) guess what …. they found TONS of security holes in Linux. They had been there all along, but the rub is that attackers never bothered to exploit them because – until Android and to a lesser extent Chrome OS – the number of consumer users of Linux was so low.

    That is the same case with Mac OS X. The market share for Mac OS X is less than 15%. Not so long ago, it was less than 10%. So there was is no real interest in developing attack vectors for a platform that had so few users. You can get far more bank for your buck by going after the nearly 90% market share.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.