New macOS malware gives hackers complete access to your files
For security reasons, out of the box macOS is configured to only allow software from the App Store and identified developers to be installed. However, there are times when users may also want to run apps from other sources, in which case it is possible to enable the Gatekeeper setting that allows apps downloaded from anywhere. But, along with the extra freedom, it also greatly increases the risk of running into malware.
You may be inclined to believe that you can stay safe by sticking to known download websites, but that is not always the case. Bitdefender has uncovered a new Mac malware, called Backdoor.Mac.Eleanor, that poses as a document converter on what the security company calls "reputable sites". When installed, it gives hackers complete access to your Mac.
Bitdefender says that, while it appears to have "no real functionality", it downloads a malicious script that installs a hidden Tor service, web service, and Pastebin agent through which hackers can do pretty much everything they want, including accessing and managing your files, accessing your webcam, executing commands, sending emails and so on. Here is how it all works.
The Tor service gives your Mac a Tor-generated IP address, which gives hackers anonymity as it makes it virtually impossible to track where the incoming traffic comes from. For easy access to your device, your IP address is stored, via the Pastebin agent, on Pastebin, but not before it is encrypted with RSA and then base64-encoded.
The web service is what actually allows hackers to control your Mac. It sets up a web-based control panel, which can be accessed at the Tor-generated IP address mentioned above using the right credentials. The browser interface gives them access to personal files, the Terminal, root privileges, the ability to connect to and manage a database, and so on.
"This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system", says Bitdefender Antimalware Lab technical leader Tiberius Axinte. "For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless".
You can read more about how it works here. Bitdefender has not provided a method of removing this malware, but the company recommends sticking to the default security setting and running security software on your Mac.
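As an added example that is not part of the article or Bitdefender's tooling, the audit below checks the two things a defender can act on from this report: that Gatekeeper is still in its default enabled state (`spctl --status` is a real macOS command), and whether any user-level launch agent references the components described above, a Tor hidden service or a Pastebin agent. The indicator keywords, the launch-agent location and the sample plist paths are assumptions, since the article gives no file names for the sample.

```python
"""Added defender-side audit (not Bitdefender's tooling): confirm Gatekeeper is
still enabled and flag launch agents that reference the components the article
describes, a hidden Tor service and a Pastebin agent. Keywords are assumptions."""
import plistlib
import shutil
import subprocess
import xml.parsers.expat
from pathlib import Path

INDICATORS = ("hidden_service", "hiddenservice", "pastebin")  # heuristic only


def gatekeeper_enabled():
    """True/False from `spctl --status`; None where spctl is not available."""
    if shutil.which("spctl") is None:
        return None
    out = subprocess.run(["spctl", "--status"], capture_output=True, text=True)
    return out.stdout.strip().lower().startswith("assessments enabled")


def suspicious_args(plist_bytes):
    """ProgramArguments that name a bare tor binary or mention a hidden service
    or pastebin; [] for anything that is not a launchd dict plist."""
    try:
        data = plistlib.loads(plist_bytes)
    except (plistlib.InvalidFileException, xml.parsers.expat.ExpatError):
        return []
    if not isinstance(data, dict):
        return []
    return [a for a in data.get("ProgramArguments") or []
            if Path(str(a).lower()).name == "tor"
            or any(k in str(a).lower() for k in INDICATORS)]


def scan_launch_agents(dirs=(Path.home() / "Library" / "LaunchAgents",)):
    """Map plist path -> matching arguments for every plist in the given dirs."""
    hits = {}
    for p in (q for d in dirs if Path(d).is_dir() for q in Path(d).glob("*.plist")):
        found = suspicious_args(p.read_bytes())
        if found:
            hits[str(p)] = found
    return hits


# Constructed sample with hypothetical paths: the shape this audit should flag.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>Label</key><string>com.example.helper</string>
<key>ProgramArguments</key><array><string>/Users/Shared/.helper/tor</string>
<string>-f</string><string>/Users/Shared/.helper/torrc_hidden_service</string>
</array><key>RunAtLoad</key><true/></dict></plist>"""
```

Run `scan_launch_agents()` on a Mac to audit the current user's agents; a hit is a starting point for investigation, not proof of this specific sample.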