Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Desktops (Apple) Security Apple

EasyDoc Malware Adds Tor Backdoor To Macs For Botnet Control (theregister.co.uk) 68

An anonymous reader writes: Security firm Bitdefender has issued an alert about a malicious app that hands over control of Macs to criminals via Tor. The software, called EasyDoc Converter.app, is supposed to be a file converter but doesn't do its advertised functions. Instead it drops complex malware onto the system that subverts the security of the system, allowing it to be used as part of a botnet or to spy on the owner. "This type of malware is particularly dangerous as it's hard to detect and offers the attacker full control of the compromised system," said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless." The malware, dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and PHP-capable web server on the infected computer, generating a .onion domain that the attacker can use to connect to the Mac and control it. Once installed, the malware grants full access to the file system and can run scripts given to it by its masters.A report on AppleInsider says that malware can also control the FaceTime camera on a victim's computer. But thankfully, Apple's Gatekeeper security prevents the unsigned app from being installed.
This discussion has been archived. No new comments can be posted.

EasyDoc Malware Adds Tor Backdoor To Macs For Botnet Control

Comments Filter:
  • Gatekeeper (Score:5, Insightful)

    by tripleevenfall ( 1990004 ) on Wednesday July 06, 2016 @12:24PM (#52457343)

    Nice to see the security features of an *nix based OS working here. Gatekeeper will prevent most from installing it, and for those who disable security features, you ought to know what you are doing anyway.

    And - unwritten in TFA is the fact that there will probably be a fix for this post haste.

    • Nice to see the security features of an *nix based OS working here. Gatekeeper will prevent most from installing it, and for those who disable security features, you ought to know what you are doing anyway.

      And - unwritten in TFA is the fact that there will probably be a fix for this post haste.

      It's also nice that in more recent version of OS X/macOS, Gatekeeper only lets you be completely unprotected for a certain time period, and then reverts back to the middle-level of security. So you can only be stupid for awhile...

  • I get this download offered a lot when I'm on dodgy file sites. I never trust these anyways, and a moment's research on Google brings up lots of complaints.

    But I'm there, on this dodgy site, and I expect they will try to fling poo at my machine. So I have always avoided it.

    And having a Windows machine, everything wants to infect it, even Windows Update.

    • by DamonHD ( 794830 )

      The ads smelt so badly of deception that I just blocked them all (and there were a lot of variants) in my AdSense account to protect my visitors and my sites' reputation.

      And I'll keep doing it to any ad that offers clearly deceptive generic 'download now' ads/buttons that are intended to confuse visitors into thinking that they are downloading from the host site.

      Rgds

      Damon

    • What's really funny is running across one of those fake virus scan malwares when you're running Linux and watching it claim to find all sorts of virus infections in folders that not only don't exist on your machine, they can't because the paths are malformed for Linux. And, even if they try to download and execute their payload it doesn't work because the files aren't marked executable by default. Linux isn't perfect, by any means, but at least it's immune to that kind of attack.
  • "Go ahead - download that iffy software from some random pr0n site advert so you can see your b00bie pictures better... it'll be fine..."

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...