
New backdoor malware targeting Mac devices

New malware has been discovered that exposes Apple systems to cyber-spying and full, concealed control by malicious third parties.

Security firm Bitdefender has released details of the new malware, dubbed Backdoor.MAC.Eleanor.

The backdoor malware is embedded in a fake file-converter application that is available online on reputable sites offering Mac applications and software.

The EasyDoc Converter.app poses as a drag-and-drop file converter but has no real functionality; it simply downloads a malicious script.

The script installs and registers the following components to system startup:

1. Tor Hidden Service

This component creates a Tor hidden service that lets an attacker anonymously reach the command-and-control center from outside, via a Tor-generated address. That center is a local web server, described next as the Web Service (PHP).

2. Web Service (PHP)

This component gives the attacker full control over the infected machine. The web service is set up locally and can be accessed through the “onion” address. After authenticating with the correct password, attackers gain access to a web-based control panel with the following abilities:

• File manager (view, edit, rename, delete, upload, download, and archive files)

• Command execution (execute commands)

• Script execution (execute scripts in PHP, PERL, Python, Ruby, Java, C)

• Shell via bind/reverse shell connect (remotely execute root commands)

• Simple packet crafter (probe firewall rule-sets and find entry points into a targeted system or network)

• Connect and administer databases

• Process list/Task manager (access the list of processes and applications running on the system)

• Send emails with attached files

The malware uses a tool named “wacaw” to capture images and videos from built-in webcams.

It also uses a daemon to grab updates and fetch files from the user’s computer or execute shell scripts.

3. Pastebin Agent

Every infected machine has a unique Tor address that the attacker uses to connect to it and download the malware. This agent stores all of those addresses on pastebin.com after encrypting them with an RSA public key and base64-encoding the result.
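The components above are registered to start with the system, which on macOS means launchd property lists. The triage helper below is an added example, not code from the Bitdefender write-up: it parses launchd plists and flags entries that combine the traits described above (auto-start, an interpreter or service binary such as PHP or Tor, a program under a user-writable path). The labels and paths in the samples are constructed; the article gives no file names or locations for the real malware.

```python
import plistlib

# Heuristics drawn from the write-up: components registered at startup, a
# local PHP web service, a Tor daemon and scripts run from user-owned paths.
INTERPRETERS = {"php", "perl", "python", "python3", "ruby", "sh", "bash"}
SERVICE_BINARIES = {"tor", "php"}
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")

def triage_launchd_plist(data: bytes) -> dict:
    """Parse one launchd plist and list why it looks like a persisted implant."""
    plist = plistlib.loads(data)
    args = plist.get("ProgramArguments") or []
    program = plist.get("Program") or (args[0] if args else "")
    base = program.rsplit("/", 1)[-1].lower()
    reasons = []
    if plist.get("RunAtLoad") or plist.get("KeepAlive"):
        reasons.append("auto-starts (RunAtLoad/KeepAlive)")
    if program.startswith(USER_WRITABLE):
        reasons.append("program lives in a user-writable path")
    if base in INTERPRETERS and len(args) > 1:
        reasons.append(f"interpreter {base} runs {args[-1]}")
    if base in SERVICE_BINARIES:
        reasons.append(f"launches network service binary {base}")
    return {"label": plist.get("Label", "?"), "program": program, "reasons": reasons}

def scan(plists: dict, min_reasons: int = 2) -> list:
    """Return triage results for entries with at least min_reasons hits.
    A single auto-start hit is normal for legitimate agents, so two are required."""
    hits = []
    for name, data in plists.items():
        result = triage_launchd_plist(data)
        if len(result["reasons"]) >= min_reasons:
            hits.append({"file": name, **result})
    return hits

def _plist(label, *args, key="RunAtLoad"):
    # Build a constructed launchd plist (sample data, not from the report).
    return plistlib.dumps({"Label": label, "ProgramArguments": list(args), key: True})

SAMPLE_PLISTS = {  # constructed samples: one benign agent, two implant-like ones
    "com.apple.demo.plist": _plist("com.apple.demo", "/usr/libexec/demo"),
    "com.example.webpanel.plist": _plist("com.example.webpanel", "/usr/bin/php", "-S",
                                         "127.0.0.1:8080", "/Users/demo/Library/.helper/index.php"),
    "com.example.hidden.plist": _plist("com.example.hidden", "/Users/demo/Library/.helper/tor",
                                       "-f", "/Users/demo/Library/.helper/torrc", key="KeepAlive"),
}

if __name__ == "__main__":
    for hit in scan(SAMPLE_PLISTS):
        print(hit["file"], "->", "; ".join(hit["reasons"]))
```

On a real host the same function can be fed the contents of the LaunchAgents and LaunchDaemons directories instead of the constructed samples.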

Consequences

“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” says Tiberius Axinte, technical leader, Bitdefender Antimalware Lab.

“For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless,” he explains.

The app is not digitally signed by Apple. As a safety precaution, Bitdefender recommends downloading applications exclusively from reputable websites and using a security solution for Apple devices to fend off Mac-targeting malware and other platform-specific threats.

Technical analysis was provided by Tiberius Axinte, Technical Leader at Bitdefender Antimalware Lab and Dragos Gavrilut, Antimalware Research Manager.
