A new piece of malware for Mac OS X has been discovered 2016


A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.
This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)
The malware was available on MacUpdate, in the form of a free app called EasyDoc Converter. The app purports to convert a couple of file formats into Microsoft Word files, but there’s no sign that it actually does this. Instead, it installs a backdoor when run.

The app is not signed with a certificate issued to an Apple developer ID. This is fortunate, in a way, as this makes it more difficult to open. (By default, Mac OS X will not open unsigned apps.) However, it’s also unfortunate, because a determined user will be able to open it anyway, and because there’s no certificate involved, Apple cannot kill the app by revoking the certificate.
When the app is opened, it runs a shell script whose first task is to check for the presence of Little Snitch.

If Little Snitch is not present, and if the malware has not already been installed, it then installs three LaunchAgents in the user folder plus a hidden folder full of executable files. All these items have names that attempt to make them seem like Dropbox components.
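A defender-side check for the persistence pattern described above, as an added example that is not from Bitdefender's post or the original page: it parses each LaunchAgent plist in a folder and flags entries whose program lives in a hidden directory, or that carry a Dropbox-like name while pointing outside an app bundle. The sample file names and both heuristics are assumptions made for illustration, not Eleanor's actual indicators.

```python
import plistlib
import tempfile
from pathlib import Path, PurePosixPath

# Constructed sample plists (illustrative names, not Eleanor's real file names).
SAMPLES = {
    "com.example.dropbox.sync.plist": {
        "Label": "com.example.dropbox.sync", "RunAtLoad": True,
        "ProgramArguments": ["/Users/u/Library/.dropbox-example/sync", "--daemon"]},
    "com.example.editor.update.plist": {"Label": "com.example.editor.update",
        "Program": "/Applications/Editor.app/Contents/MacOS/updater"},
}

def program_path(plist):
    """Executable a LaunchAgent starts: Program, else ProgramArguments[0]."""
    args = plist.get("ProgramArguments") or [""]
    return str(plist.get("Program") or args[0])

def in_hidden_dir(path):
    """True if any directory component of the path starts with a dot."""
    return any(p.startswith(".") for p in PurePosixPath(path).parts[:-1])

def audit_launch_agents(agent_dir, brand="dropbox"):
    """Return (filename, reasons) for every plist in agent_dir that looks suspicious."""
    findings = []
    for f in sorted(Path(agent_dir).glob("*.plist")):
        try:
            with f.open("rb") as fh:
                data = plistlib.load(fh)
            prog, label = program_path(data), str(data.get("Label", ""))
        except Exception:  # malformed or non-dictionary plist: report, keep going
            findings.append((f.name, ["unparseable plist"]))
            continue
        reasons = []
        if in_hidden_dir(prog):
            reasons.append("program in hidden folder")
        # Assumed heuristic: a vendor-like name whose binary is not inside an .app bundle.
        if brand in (f.name + label).lower() and ".app/" not in prog:
            reasons.append("vendor-like name outside an app bundle")
        if reasons:
            findings.append((f.name, reasons))
    return findings

def demo():  # write the constructed samples to a temp folder and audit it
    with tempfile.TemporaryDirectory() as d:
        for name, content in SAMPLES.items():
            with open(Path(d, name), "wb") as fh:
                plistlib.dump(content, fh)
        return audit_launch_agents(d)
```

On a Mac, calling `audit_launch_agents(Path.home() / "Library/LaunchAgents")` runs the same check against the current user's LaunchAgents folder; a hit is a prompt for manual review, not proof of infection.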
