What Is ‘Backdoor.MAC.Eleanor’ Malware, And How To Protect Your Mac Against It

Security research company Bitdefender’s research lab has shared details of a new malware that affects those using Apple’s computers, with Backdoor.MAC.Eleanor solely targeting Macs, as the name would suggest. In an attempt to ensure as few people are affected by this new threat as possible, it’s important that information about the malware is disseminated far and wide, and to aid that here are a few FAQs (Frequently Asked Questions) surrounding it, and importantly, how to avoid your Mac from being infected by it. So, without any further delay, here’s everything you need to know about Backdoor.MAC.Eleanor malware that could potentially affect your Mac.


What is Backdoor.MAC.Eleanor and how is it transmitted?

Backdoor.MAC.Eleanor is a brand new malware that is being distributed via a malicious app called EasyDoc Convertor that claims to instantly convert documents once they are dragged onto its icon. While never available via the Mac App Store, EasyDoc Convertor was downloadable from the popular MacUpdate website, though as of July 5th it had been removed.

How is Backdoor.MAC.Eleanor distributed?

Via Macs that have EasyDoc Convertor installed, a script is installed and set to execute at startup that allows a malicious entity to remotely connect to the Mac in question. That access is granted via a Tor service, meaning it is well hidden. Once infected, attackers can then connect to the Mac and modify files, execute commands, and even take photos and record video using the Mac’s built-in camera, if available. That’s just the start of it, too, with attackers also able to send emails with attachments and administer databases from the machines which makes them perfect for large scale SPAM campaigns amongst other things.

How do I stay safe?

The most obvious way to stay safe from this attack is to avoid installing the EasyDoc app, and even if you did, chances are that your Mac would prevent it from running thanks to Gatekeeper. Ensure that Gatekeeper is enabled via System Preferences > Security & Privacy. Malware apps such as BlockBlock can also be used to ensure a Mac isn’t already infected while also running in the background to ensure a new infection cannot occur.

What if I’m already infected?

Those with EasyDoc Convertor installed can use the anti-malware app Malwarebytes to clean their system – it has already been updated to do so.


You may also like to check out:

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.