Backdoor.MAC.Eleanor is a new piece of malware aimed specifically at Mac users. Bitdefender reported it and described how it can compromise an Apple Mac. Once it is installed, the attacker has near-complete control of the machine, and that literally includes your webcam, your data and files, the ability to drop new files, and even ransomware.
Before getting into the solution, let us first understand how this malware actually got onto your Mac.
How did your Mac get infected
Oftentimes malware is installed on users' machines by exploiting vulnerabilities in the system. Eleanor does not need one: the attacker takes the path of least resistance as the point of entry, which in this case is the user himself.
Backdoor.MAC.Eleanor comes neatly packaged inside the EasyDoc Converter application, which looks legitimate on the surface but does nothing useful once installed. Its real task is to run a malicious script in the background that installs a Tor hidden service, through which the attacker anonymously reaches the command-and-control (C&C) interface.
The C&C is created locally on the infected machine by setting up a PHP-based web service. Once that web service is up, the attacker can remotely access and control your Mac through it.
The malware also uses a tool called “wacaw”, which lets the attacker take pictures and record video with the built-in webcam. The attacker can also browse and modify your files, run other malicious scripts and processes, send emails, reset the firewall and, worst of all, lock you out of your Mac.
Check if your Mac has been infected
Luckily, this malware can only affect your Mac if the trojanized app has been installed and run on your machine.
Macs have a built-in security layer called Gatekeeper. As its name suggests, Gatekeeper stops apps that are not signed by an identified developer from running on your Mac.
Check whether Gatekeeper is enabled on your Mac. If it is, you will see a prompt saying the “application cannot be opened” when you try to open an unsigned app from outside the Mac App Store, and you would have had to manually override that warning to install such an app.
If Gatekeeper is disabled, you have reason to worry.
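The check above can be done from the Terminal with the stock spctl(8) tool, which both reports whether Gatekeeper assessments are on and says whether a given app bundle would be allowed to launch. The script below is an added example, not code from the original article or from Bitdefender; the spctl output strings it parses (“assessments enabled/disabled”, “accepted/rejected”) are the ones the tool prints, while the sample output used when not on macOS, including the EasyDoc Converter path, is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): read Gatekeeper's state
# and ask it whether a downloaded app would be allowed to run, using the
# stock spctl(8) tool. Parsing lives in small functions so the logic can
# be exercised without a Mac; the fallback strings below are constructed.

# Normalise `spctl --status` output to enabled / disabled / unknown.
gatekeeper_state() {
  case "$1" in
    *"assessments enabled"*)  echo enabled ;;
    *"assessments disabled"*) echo disabled ;;
    *)                        echo unknown ;;
  esac
}

# Normalise `spctl --assess --type exec -vv <App.app>` output.
# An unsigned bundle is reported as "rejected" with
# "source=no usable signature".
app_verdict() {
  case "$1" in
    *": accepted"*) echo accepted ;;
    *": rejected"*) echo rejected ;;
    *)              echo unknown ;;
  esac
}

# Should this app be opened on this Mac? True only when Gatekeeper is on
# AND the bundle passes assessment; a disabled Gatekeeper is itself a
# finding, whatever the app looks like.
should_open() {
  state=$(gatekeeper_state "$1")
  verdict=$(app_verdict "$2")
  [ "$state" = enabled ] && [ "$verdict" = accepted ]
}

# Live check on macOS when an app path is given; otherwise use the
# constructed sample output so the script still runs elsewhere.
if [ "$(uname 2>/dev/null)" = Darwin ] && [ -n "$1" ]; then
  status_out=$(spctl --status 2>&1)
  assess_out=$(spctl --assess --type exec -vv "$1" 2>&1)
else
  status_out="assessments disabled"
  assess_out="/Applications/EasyDoc Converter.app: rejected
source=no usable signature"
fi

echo "Gatekeeper: $(gatekeeper_state "$status_out")"
echo "App:        $(app_verdict "$assess_out")"
if should_open "$status_out" "$assess_out"; then
  echo "OK to open"
else
  echo "Do NOT open: re-enable Gatekeeper and/or discard the app"
fi
```

Run it as `sh check.sh "/Applications/Some App.app"` on a Mac; with no argument, or on another OS, it prints the verdict for the constructed sample, which is the situation the article warns about: Gatekeeper off and an unsigned bundle.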
If you still have access to your Mac, consider yourself lucky and follow the steps below to remove the malware.
If this malware has infected your Mac, put a piece of tape over the webcam (to protect your privacy) before proceeding further.
How to remove Backdoor.MAC.Eleanor
Download and install Malwarebytes Anti-Malware for Mac or Sophos Home; both have already been updated to detect this particular malware. If you already use a different anti-virus product, check whether it has an update covering it.
Run a scan of the entire system.
Delete the detected malware and all its associated files and scripts. Remember to remove the source file (the downloaded EasyDoc Converter app) too.
Now that the malware has been removed from your Mac, re-enable Gatekeeper: System Preferences > Security & Privacy > General, and under “Allow apps downloaded from” choose “Mac App Store and identified developers”.
To avoid such issues in future, do not install unsigned applications or executables from untrusted sources outside the Mac App Store.
You might also want to keep your anti-virus software updated and run a full scan of your Mac every few days.
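After the scan, a practitioner would also want to confirm that nothing is still set to start at login. The article says the dropper installs a Tor hidden service and a PHP web service; the script below, an added example rather than code from the article or from Bitdefender, lists every launchd job in the standard per-user and system directories and flags those whose program is tor or php or lives in a hidden directory. It does not assume the actual file names or paths Eleanor uses (persistence via launchd is an assumption here); the two sample plists it writes when not run on macOS are constructed. It also wraps the command-line equivalent of re-enabling Gatekeeper, `sudo spctl --master-enable`, which is never run automatically.

```shell
#!/bin/sh
# Added example, not code from the original article or Bitdefender's
# report: hunt for leftover launchd persistence after cleanup. Hidden
# directories and tor/php programs are the heuristics; the paths in the
# demo plists are constructed, not Eleanor's real artifacts.

# Print the program a launchd plist runs: the Program key, or the first
# element of ProgramArguments. Binary plists are converted with plutil
# where it exists (macOS); elsewhere the file is assumed to be XML.
program_from_plist() {
  if command -v plutil >/dev/null 2>&1; then
    plutil -convert xml1 -o - "$1"
  else
    cat "$1"
  fi | awk '
    /<key>Program<\/key>/ || /<key>ProgramArguments<\/key>/ { want = 1; sub(/.*<\/key>/, "") }
    want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }
  '
}

# True (0) when the basename is tor/php or any path component is hidden.
suspicious_program() {
  p=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  base=${p##*/}
  case "$base" in
    tor|tor.*|php|php.*|php-*) return 0 ;;
  esac
  case "$p" in
    */.[!/.]*) return 0 ;;   # "/.something" anywhere in the path
  esac
  return 1
}

# Report every plist in a directory, prefixed SUSPECT or ok.
scan_launchd_dir() {
  for f in "$1"/*.plist; do
    [ -f "$f" ] || continue
    prog=$(program_from_plist "$f")
    if suspicious_program "$prog"; then
      echo "SUSPECT  $f -> $prog"
    else
      echo "ok       $f -> $prog"
    fi
  done
  return 0
}

# CLI equivalent of the System Preferences step; needs an admin password.
reenable_gatekeeper() {
  sudo spctl --master-enable
}

# Two constructed plists so the script runs on any system: a benign
# updater and a job pointing at a tor binary in a hidden directory.
make_demo_dir() {
  d=$(mktemp -d)
  cat > "$d/com.example.updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
</dict></plist>
EOF
  cat > "$d/com.example.sync.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.sync</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Users/demo/Library/.cache/tor</string>
    <string>-f</string>
    <string>/Users/demo/Library/.cache/torrc</string>
  </array>
</dict></plist>
EOF
  echo "$d"
}

if [ "$(uname 2>/dev/null)" = Darwin ]; then
  for d in "$HOME/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons; do
    if [ -d "$d" ]; then scan_launchd_dir "$d"; fi
  done
else
  demo=$(make_demo_dir)
  scan_launchd_dir "$demo"
  rm -rf "$demo"
fi
```

Anything printed as SUSPECT deserves a look with `launchctl list` and a check of the file the job points at; once you are satisfied the machine is clean, `reenable_gatekeeper` (or the System Preferences setting above) turns the assessments back on.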