Mac OS X Computers Infected with Fresh Malicious Program Utilizing Tor for Creating Backdoor

BitDefender has found Backdoor.MAC.Eleanor, a malware which uses Tor network to create a backdoor on Mac OS X computers. Presently it's being spread among victims as one Mac application named EasyDoc Converter which should let the PC-operator to change the form of files via moving them onto one small window.

Actually, the application merely pulls down one malicious script and executes it; the script planting as well as registering 3 fresh components whenever the system starts. The components are one Pastebin client, one PHP Web utility, and the unnoticeably Tor utility.

Technical Director Tiberius Axinte of BitDefender's Anti-malware Laboratory explains the malware is highly perilous since its detection is difficult even as it enables complete hold over the infected machine for the attackers who can lock the user's system making it inaccessible to him, hold the user's private files hostage for a ransom, or add his system to a botnet for launching more assaults against other systems, and so on.

The EasyDoc Converter application feigns like one drag-and-drop feature for conversion of files while just downloads the above mentioned malevolent script onto users' PCs. Cultofmac.com posted this, July 5, 2016.

The connection has as its receiving end the PHP Web utility which also deciphers the crook's commands issued to it.

At this point the Pastebin client takes the .onion domain generated locally to post it to certain URL of Pastebin. This follows its encryption with one freely available key utilizing base64 and RSA algorithms. The Pastebin link is accessible to the attacker who may parse it to add fresh machines to his botnet.

After infecting a Mac, Backdoor.MAC.Eleanor crafts one distinct Tor address letting attackers to acquire total hold over the system's directories and folders, and seize videos/images by compromising its webcam.

Since EasyDoc Converter isn't really a Mac application, users are suggested altering the security configurations of their Mac systems so only applications from Mac's App Store or other authorized developers are downloaded.

The contaminated PC joins the attackers' botnet that maybe used for distributing masBitsive spam, filching confidential information stored on the host, making one DDoS bot out of it, alternatively planting more malware.

» SPAMfighter News - 7/8/2016