A new FaceTime-hijacking Mac malware emerged this week, marking the second legitimate malware attack on Macs we’ve seen in the last year. Like the KeRanger ransomware attack that cropped up earlier this year, this newest Mac malware comes in the form of a seemingly reputable Mac app called EasyDoc Converter.
The app, which was initially available for download on well-known app download sites like MacUpdate, was advertised as drag-and-drop file conversion software. According to Bitdefender Labs, which first discovered the poisoned application, EasyDoc Converter didn’t actually convert files at all. It simply served as a vehicle for downloading a malicious script onto Mac users’ computers. Dubbing the new Mac malware “Backdoor.MAC.Eleanor,” Bitdefender has classified it as a “nasty backdoor” to your Mac computer that can “steal data, execute remote code and access the webcam, among other things.”
Researchers at Malwarebytes have also been following the Eleanor backdoor and reported the infected app to MacUpdate on Tuesday. While the company did not readily respond, by Wednesday morning, the app was no longer available on MacUpdate.
Before it was taken down, the EasyDoc Converter software, once downloaded, would run malicious scripts that could gain unauthorized remote access to various tools on the victim’s computer, such as the FaceTime camera. It could also download files, execute commands, and send emails with attached files.
It’s unclear how many people may have been affected by the Eleanor backdoor, as it was not an official Apple App Store app and required users to specifically allow the app to be downloaded. If you suspect you may have downloaded the infected app, it is possible to remove it by using Malwarebytes Anti-Malware for Mac.
In addition, Malwarebytes director Thomas Reed shared these insights on how users can prevent malware from infecting their Mac computers.
- Be Cautious Of Downloading Unofficial/Unsigned Apps – Apple does a pretty good job of vetting apps that make it onto the App Store, and as a result, any that are not signed or come from third-party sources run a larger risk of containing malware, adware or other things that could potentially harm your computer. You will know if an app isn’t signed because your computer will require you to approve its download by entering your administrator password. If there is an application that requires you to enter your administrative password in order to download it, you need to proceed with caution. While not all unsigned apps are malicious, they’re not all harmless either.
- Be Careful About Running Apps That Haven’t Been Updated Recently – This one is a little harder to keep track of, but if there is a piece of software or an app you want to run that has not received regular updates, or that the developer appears to have abandoned, you need to think twice before running it, said Reed. “It is becoming an increasingly popular thing (especially amongst Chrome extensions in the Chrome store) for unsavory developers to turn abandoned software into adware or malware. This gives the malicious software a hint of legitimacy, by infecting software that has a history. If an app has been abandoned, you probably should think twice about downloading it, and you should be cautious about even running an old copy on your hard drive if the app has a self-updating mechanism,” said Reed.