EasyDoc Eleanor Malware Onion Bots

Zenaan Harkness zen at freedbms.net
Wed Jul 13 03:46:20 PDT 2016

On Wed, Jul 13, 2016 at 06:33:19AM -0400, John Newman wrote:
> > On Jul 6, 2016, at 2:52 PM, grarpamp <grarpamp at gmail.com> wrote:
> > 
> > http://www.theregister.co.uk/2016/07/05/easydoc_malware_adds_tor_backdoor_to_mac_systems_for_botnet_control/
> > http://appleinsider.com/articles/16/07/06/new-mac-malware-can-remotely-access-facetime-camera-but-macos-gatekeeper-users-are-protected
> > 
> > Security firm Bitdefender has issued an alert about a malicious app
> > that hands over control of Macs to criminals via Tor. The software,
> > called EasyDoc Converter.app, is supposed to be a file converter but
> > doesn't do its advertised functions. Instead it drops complex malware
> > onto the system that subverts the security of the system, allowing it
> > to be used as part of a botnet or to spy on the owner. "This type of
> > malware is particularly dangerous as it's hard to detect and offers
> > the attacker full control of the compromised system," said Tiberius
> > Axinte, Technical Leader, Bitdefender Antimalware Lab. "For instance,
> > someone can lock you out of your laptop, threaten to blackmail you to
> > restore your private files or transform your laptop into a botnet to
> > attack other devices. The possibilities are endless." The malware,
> > dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and
> > PHP-capable web server on the infected computer, generating a .onion
> > domain that the attacker can use to connect to the Mac and control it.
> > Once installed, the malware grants full access to the file system and
> > can run scripts given to it by its masters.A report on AppleInsider
> > says that malware can also control the FaceTime camera on a victim's
> > computer. But thankfully, Apple's Gatekeeper security prevents the
> > unsigned app from being installed.
> This is why I install only a limited number of apps from (hopefully non subverted) known good sources on hackintosh & MacBook.  Some UNIX stuff from homebrew, transmission, chrome, iterm and a couple others.. of course even this isn't anywhere near perfect
> "Easydoc converter.app" name fucking sounds fishy (and worthless)...
> More and more malware finally starting to target osx (err macOS, or whatever it's called these days)..

Just as well your operating system, drivers and desktop software are all
open source too - you'd be at the mercy of a corporation's walled garden

More information about the cypherpunks mailing list