[tor-talk] EasyDoc Eleanor Malware Onion Bots

grarpamp grarpamp at gmail.com
Wed Jul 6 18:52:20 UTC 2016


http://www.theregister.co.uk/2016/07/05/easydoc_malware_adds_tor_backdoor_to_mac_systems_for_botnet_control/
http://appleinsider.com/articles/16/07/06/new-mac-malware-can-remotely-access-facetime-camera-but-macos-gatekeeper-users-are-protected

Security firm Bitdefender has issued an alert about a malicious app
that hands over control of Macs to criminals via Tor. The software,
called EasyDoc Converter.app, is supposed to be a file converter but
doesn't do its advertised functions. Instead it drops complex malware
onto the system that subverts the security of the system, allowing it
to be used as part of a botnet or to spy on the owner. "This type of
malware is particularly dangerous as it's hard to detect and offers
the attacker full control of the compromised system," said Tiberius
Axinte, Technical Leader, Bitdefender Antimalware Lab. "For instance,
someone can lock you out of your laptop, threaten to blackmail you to
restore your private files or transform your laptop into a botnet to
attack other devices. The possibilities are endless." The malware,
dubbed Backdoor.MAC.Eleanor, sets up a hidden Tor service and
PHP-capable web server on the infected computer, generating a .onion
domain that the attacker can use to connect to the Mac and control it.
Once installed, the malware grants full access to the file system and
can run scripts given to it by its masters. A report on AppleInsider
says that malware can also control the FaceTime camera on a victim's
computer. But thankfully, Apple's Gatekeeper security prevents the
unsigned app from being installed.

