EasyDoc Malware Adds Tor Backdoor To Macs For Botnet Control (theregister.co.uk)
An anonymous reader writes: Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor. The software, called EasyDoc Converter.app, is supposed to be a file converter but doesn't do its advertised functions. Instead it drops complex malware onto the system that subverts the security of the system, allowing it to be used as part of a botnet or to spy on the owner. "This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless." The malware, dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and PHP-capable web server on the infected computer, generating a .onion domain that the attacker can use to connect to the Mac and control it. Once installed, the malware grants full access to the file system and can run scripts given to it by its masters. A report on AppleInsider says that the malware can also control the FaceTime camera on a victim's computer. But thankfully, Apple's Gatekeeper security prevents the unsigned app from being installed.
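The summary describes the backdoor's mechanism as a hidden Tor service fronting a local PHP-capable web server. As an added triage example (not Bitdefender's or the article's code), the script below parses a torrc and flags hidden services that forward to a local web port; the sample torrc and its paths are constructed placeholders, not real Eleanor indicators.

```python
"""Added example: enumerate Tor hidden services declared in a torrc and flag
those that forward traffic to a local web port, the pattern described for
Backdoor.MAC.Eleanor (a hidden .onion service in front of a PHP web server)."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Ports a web backend would usually listen on locally (assumption, tune as needed).
WEB_PORTS = {80, 443, 8000, 8080, 8443}
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}


@dataclass
class HiddenService:
    directory: str
    ports: List[Tuple[int, str]] = field(default_factory=list)  # (virtual port, target)

    def forwards_to_local_web(self) -> bool:
        for _vport, target in self.ports:
            host, _, port = target.rpartition(":")
            if host in LOCAL_HOSTS and port.isdigit() and int(port) in WEB_PORTS:
                return True
        return False


def parse_torrc(text: str) -> List[HiddenService]:
    """Collect HiddenServiceDir / HiddenServicePort blocks. Tor attaches each
    HiddenServicePort to the most recent HiddenServiceDir above it."""
    services: List[HiddenService] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "HiddenServiceDir":
            services.append(HiddenService(directory=value))
        elif key == "HiddenServicePort" and services:
            vport, _, target = value.partition(" ")
            # Tor's documented default target is 127.0.0.1 on the virtual port.
            target = target.strip() or f"127.0.0.1:{vport}"
            services[-1].ports.append((int(vport), target))
    return services


def suspicious_services(text: str) -> List[str]:
    """Directories of hidden services that front a local web port."""
    return [s.directory for s in parse_torrc(text) if s.forwards_to_local_web()]


# Constructed sample torrc; paths are placeholders, not indicators from the article.
SAMPLE_TORRC = """\
SocksPort 9050
HiddenServiceDir /Users/example/Library/.hidden/web_hs   # fronts a local web server
HiddenServicePort 80 127.0.0.1:8080
HiddenServiceDir /Users/example/Library/.hidden/ssh_hs
HiddenServicePort 22 127.0.0.1:22
"""

if __name__ == "__main__":
    print(suspicious_services(SAMPLE_TORRC))
```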
Gatekeeper (Score:5, Insightful)
Nice to see the security features of an *nix based OS working here. Gatekeeper will prevent most from installing it, and for those who disable security features, you ought to know what you are doing anyway.
And - unwritten in TFA is the fact that there will probably be a fix for this post haste.
Re: (Score:3)
Security has always been a factor in Unix, the freaking thing came out of an era where everybody shared the same resource (the CPU), was connected through terminals and networks and shouldn't be able to see into each other's business. Windows is the only OS still existent that was only geared towards the workstation or the single computer and thus didn't require permission levels, not even locally.
Re:Gatekeeper (Score:4, Informative)
It's more like "Nice to see Apple defaulting to only allowing developers who pay them rent to be able to install applications"
You can install any developer's things onto an OSX machine. You just have to uncheck a checkbox to do it.
Re: (Score:2)
Well, the default can be overridden on a per-app basis by holding down a key and double-clicking. It will let you force-run the app.
The option to allow unsigned apps to run freely is going away in Sierra apparently - the only way to run unsigned apps is to Ctrl-double-click each app you want to run to add an exception for that app.
And it's less rent, and more developer accountability
Re: (Score:2)
It's more like "Nice to see Apple defaulting to only allowing developers who pay them rent to be able to install applications" This has nothing to do with UNIX. (Which had a terrible security model to begin with considering security was not even remotely a factor in the design. Linux ppl have had to constantly work to bypass that shitty design.)
But it helps Apple that useful idiots like you who have absolutely zero knowledge about kernel design and won't ever have it, continue to suck dick for them.
You don't have to pay Apple "rent" for any such thing, hater.
Apple now will hand out for FREE a Developer Cert. to anyone who Registers. No "rent" required.
Re: (Score:2)
Nice to see the security features of an *nix based OS working here. Gatekeeper will prevent most from installing it, and for those who disable security features, you ought to know what you are doing anyway.
And - unwritten in TFA is the fact that there will probably be a fix for this post haste.
It's also nice that in more recent versions of OS X/macOS, Gatekeeper only lets you be completely unprotected for a certain time period, and then reverts back to the middle level of security. So you can only be stupid for a while...
Been there, haven't done that (Score:2)
I get this download offered a lot when I'm on dodgy file sites. I never trust these anyways, and a moment's research on Google brings up lots of complaints.
But I'm there, on this dodgy site, and I expect they will try to fling poo at my machine. So I have always avoided it.
And having a Windows machine, everything wants to infect it, even Windows Update.
Re: (Score:3)
The ads smelt so badly of deception that I just blocked them all (and there were a lot of variants) in my AdSense account to protect my visitors and my sites' reputation.
And I'll keep doing it to any ad that offers clearly deceptive generic 'download now' ads/buttons that are intended to confuse visitors into thinking that they are downloading from the host site.
Rgds
Damon
Re: (Score:3)
Re: (Score:2)
Yup! It's trying to use social engineering to get around the system's built-in protections. As of now, Linux still has better protections (Even if you let a malware program run it can't get at your system files unless you're stupid enough to run as root) but I'll gladly admit that Windows is much better now than it was ten years ago, even without the third-party protections that Linux doesn't need. And, I'
Re: (Score:2, Interesting)
Hello APK. Didn't you want to leave this site after you've had a quarrel with whipslash? In fact you claimed to have made your "last post ever" on this site!
Re: (Score:2)
Users banning other users? What crack are you on?
I can set someone as foe and make all foes show as -6 moderation, but that only shows for me, not everyone else. You can also be down-modded for trolling or posting off topic and get bad karma which makes it harder to make good posts, but that isn't banning either.
You don't have an account for the same reason APK refuses to use his account; you don't want to be held accountable for what you post.
Re: (Score:1)
"souled-out to admen"
Total fail. My 11-year old wouldn't make this ridiculous spelling error.
Re: (Score:2)
Well, TBH, Macs have hosts files too, and they are just as useless for what APK wants everyone to do.
Play Stupid Games, Win Stupid Prizes (Score:2)
"Go ahead - download that iffy software from some random pr0n site advert so you can see your b00bie pictures better... it'll be fine..."
Re: (Score:2)
Because posting your garbage three times will make people see the light of day?
Grow up APK, your software and solution totally suck, and don't protect half as well as a proper solution of DNS or Ad blocking software.
Re: (Score:2)
Yeah, Gatekeeper prevents it from being installed... Unless the user right-clicks and clicks Open in the menu there... Then it's game on.
And if that wasn't allowed, the entire innertubes would be ablaze about how the Mac is not allowing software from anywhere but the App Store.
So tell me, how EXACTLY does Apple "win" here?
Re: (Score:2)
Four times now? No wonder Whipslash wants to get rid of you, I guess it is the same as everyone else. Spam is annoying when it comes in through email, where it is simple to just delete, but on Slashdot, you just piss off the audience, you don't even get through to the people you are targeting.
Re: (Score:2)
How exactly does that in any way refute what I said?
No one wants to be advertised to, you try to make a living from blocking people advertising to others...by advertising. You are pissing off people who don't want to see advertising, to try to get them to pay money for your product that blocks advertising. How about a product that will block your advertising, I'd pay for that!
You are not winning people over to your side by spamming Slashdot, you just piss people off, and make them remark on your possible
Re: (Score:2)
Again, you haven't refuted anything I said, just provided more evidence of your lack of reading abilities.
Re: (Score:2)
So, APK (you...), advertising a software product for Windows hosts file manipulation, in response to a piece of malware that your hosts file wouldn't be able to stop, that is only for MacOS. Yeah, totally on topic, congratulations on your off topic masterpiece!
Re: (Score:2)
Get on topic, APK, you are so far off topic it isn't even funny. Keep railing away at me, I have all day.
So, since output of your software will work on a Mac, how does a Mac owner use your software? Running your software just to get a hosts file which will slow down the computer's network access by a considerable amount...again, the worst solution ever, that won't block anything about this malware.
APK, trying to claim I am off topic when I am responding directly to what you posted makes you look like a pot
Re: (Score:2)
Wow, it looks like I touched a nerve, does diddums need to have a cry?
I'm sorry that you are such an incompetent programmer that I can write out what your program does in 10 seconds. It must burn you up that you can't actually program worth a damn, so have to hide your source code.
Re: (Score:2)
I wrote it, therefore it is my code.
See, the thing is, I have never claimed to be an epic programmer, yet you have, without proving yourself even once.
You know you fail when trying to prove yourself as an expert, because you aren't. You are a wanna-be with no credentials trying to act all big and tough and demand others' credentials without ever giving your own.
I have written something in 10 seconds that does everything your crapware does. I have proven my ability, but you still haven't proven yourself an
Re: (Score:2)
Except, APK, you have in no way made a fool of me. You have instead repeatedly displayed your unfathomable ignorance of technology, and human interaction.
Whipslash is the face of Slashdot, he doesn't fear your hosts file software in any way, he fears losing users because you drive them off with your spam, which is far worse than any ad they run on this site. The ads on this site are quite tasteful, and targeted well at the audience. If you don't like them, block them. They used to have a "turn off adver