Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Mac OS X Computers Infected with Fresh Malicious Program Utilizing Tor for Creating Backdoor

BitDefender has found Backdoor.MAC.Eleanor, a malware which uses Tor network to create a backdoor on Mac OS X computers. Presently it's being spread among victims as one Mac application named EasyDoc Converter which should let the PC-operator to change the form of files via moving them onto one small window.

Actually, the application merely pulls down one malicious script and executes it; the script planting as well as registering 3 fresh components whenever the system starts. The components are one Pastebin client, one PHP Web utility, and the unnoticeably Tor utility.

Technical Director Tiberius Axinte of BitDefender's Anti-malware Laboratory explains the malware is highly perilous since its detection is difficult even as it enables complete hold over the infected machine for the attackers who can lock the user's system making it inaccessible to him, hold the user's private files hostage for a ransom, or add his system to a botnet for launching more assaults against other systems, and so on.

The EasyDoc Converter application feigns like one drag-and-drop feature for conversion of files while just downloads the above mentioned malevolent script onto users' PCs. Cultofmac.com posted this, July 5, 2016.

The connection has as its receiving end the PHP Web utility which also deciphers the crook's commands issued to it.

At this point the Pastebin client takes the .onion domain generated locally to post it to certain URL of Pastebin. This follows its encryption with one freely available key utilizing base64 and RSA algorithms. The Pastebin link is accessible to the attacker who may parse it to add fresh machines to his botnet.

After infecting a Mac, Backdoor.MAC.Eleanor crafts one distinct Tor address letting attackers to acquire total hold over the system's directories and folders, and seize videos/images by compromising its webcam.

Since EasyDoc Converter isn't really a Mac application, users are suggested altering the security configurations of their Mac systems so only applications from Mac's App Store or other authorized developers are downloaded.

The contaminated PC joins the attackers' botnet that maybe used for distributing masBitsive spam, filching confidential information stored on the host, making one DDoS bot out of it, alternatively planting more malware.

ยป SPAMfighter News - 7/8/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page