Mac Malware Opens OS X Backdoor to Attackers

The EasyDoc Converter freeware for OS X may promise to convert files to the Microsoft Office .docx format, but in reality, it hands control of your entire system to dangerous attackers. That is according to a report released today (July 5) by Bitdefender Labs, which reveals that EasyDoc, an application available on the reputable MacUpdate software website, is the latest piece of Mac malware.

Credit: ConstantinosZ/Shutterstock/Tom's Guide

If you download and open EasyDoc Converter, attackers will be able to view, alter, delete and download your files, as well as execute a variety of applications on your system. Basically, your system is theirs to do with as they please.

You might realize something fishy is going on when EasyDoc Converter proves incapable of file conversion, but by that time, it may be too late. Tiberius Axinte, technical leader of Bitdefender's Antimalware Lab, explained in a company blog posting that once EasyDoc is in, "someone can lock you out of your laptop" or "threaten to blackmail you to restore your private files."

EasyDoc Converter is essentially a front for malware known as Backdoor.MAC.Eleanor, which can download and install additional malicious software. Backdoor.MAC.Eleanor also creates a web server on infected Macs that can be accessed by the malcontents who wrote it. There's also a utility that can capture images and video from your Mac's webcam.

Credit: Bitdefender

Bitdefender Labs' PDF report explains that because Backdoor.MAC.Eleanor wants to stay unseen, it checks before self-installing whether the Little Snitch traffic monitor utility is present on the system. It also won't install if it finds a duplicate copy of itself.

EasyDoc Converter is listed as having been available on MacUpdate since March 16. It was downloaded 90 times and earned a .5-star user review rating, probably because it clearly doesn't work as promised.

On a MacBook running OS X 10.11.5 El Capitan, we were able to open the EasyDoc Converter installer file by clicking through a pop-up window that suggested users not open software from untrustworthy elements, a warning we suggest Mac users take seriously. Our MacBook Pro had the default Gatekeeper settings, which allowed apps from the "Mac App Store and identified developers."

Bitdefender notes that EasyDoc Converter isn't digitally signed by Apple, but the malware likely made it through defenses using signed code from unidentified "identified developers." We agree with Bitdefender Labs' recommendation that you should use antivirus protection software on your Mac, although Bitdefender's other recommendation that you should download software only from reputable sources clearly wouldn't work in this case. Instead, get your software directly from the Apple App Store.
