
OSX/Eleanor

Posted: February 11, 2019

The OSX/Eleanor is a backdoor Trojan that also includes features of spyware for collecting information. Its previous infection vectors include fake document format-converting applications for Mac users. OS X users can protect their machines with the guidelines in this article and use a compatible anti-malware product for deleting the OSX/Eleanor and re-securing the system.

The File Converter that's Far Too Hands-On

This backdoor Trojan for Mac's OS X environment surfaced in an unexpected place: MacUpdate, a prominent download repository for Mac-compatible freeware and premium software. While the website isn't owned by Apple Inc., its long business history makes it relatively trustworthy as a location for finding new programs. Unfortunately, a threat actor took advantage of that trust to distribute his backdoor Trojan, the OSX/Eleanor.

The download and installation mechanism disguises itself as 'EasyDoc Converter' on various software-oriented websites, including the MacUpdate domain above (which has since removed the offending download). The so-called converter has no format-converting features; instead, it is a Trojan downloader that pulls a remote script to carry out the OSX/Eleanor's installation. No symptoms accompany this infection, which runs the backdoor Trojan covertly and grants remote attackers access equivalent to an administrator's.

Malware experts can confirm the following core features of the OSX/Eleanor, which the attacker operates through an admin-side panel:

  • The attacker has full file management, including renaming, deleting, moving, opening, uploading or downloading files.
  • The OSX/Eleanor can execute hidden Terminal (the equivalent of the Windows Command Prompt) instructions to make additional system changes.
  • All processes can be viewed and managed individually, for example by terminating a program arbitrarily.
  • The OSX/Eleanor also includes built-in e-mailing support, presumably for the threat actor's convenience in attaching files.
  • A handful of data-collecting features are also in the OSX/Eleanor's payload, including, notably, access to any webcam devices.

Keeping Your Computer from Converting Itself into a Backdoor Problem

While the OSX/Eleanor's installation can accurately be characterized as completely silent, malware analysts confirm the presence of some visible components. Three separate startup agents facilitate the OSX/Eleanor's Command & Control networking, which is based on Tor. Tor, formerly an acronym for The Onion Router, is a typical solution for criminals trying to protect their identities while committing crimes over the network.
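The startup agents described above are the kind of persistence a defender can triage directly from the LaunchAgent plists. The following is an added example, not code from the original article and not the OSX/Eleanor's actual files: it parses constructed sample plists (hypothetical labels and paths) and flags traits such as running at login with KeepAlive, an executable in a hidden or user-writable path, and a Tor binary on the command line.

```python
"""Triage macOS LaunchAgent plists for the persistence traits described above."""
import plistlib
from pathlib import Path
from typing import Dict, List

# Locations an unprivileged user (or a dropper running as that user) can write to.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/tmp/")

def triage_launch_agent(plist_bytes: bytes) -> List[str]:
    """Return human-readable findings for one LaunchAgent plist (empty list = nothing notable)."""
    agent = plistlib.loads(plist_bytes)
    args = agent.get("ProgramArguments") or ([agent["Program"]] if "Program" in agent else [])
    if not args:
        return ["no Program/ProgramArguments: malformed agent"]
    exe, findings = args[0], []
    if agent.get("RunAtLoad") and agent.get("KeepAlive"):
        findings.append("starts at login and is restarted if killed")
    if any(seg.startswith(".") and seg not in (".", "..") for seg in exe.split("/")):
        findings.append(f"executable in a hidden path: {exe}")
    if exe.startswith(USER_WRITABLE):
        findings.append(f"executable in a user-writable location: {exe}")
    # Match a path component named 'tor' or a .onion address, not just the substring 'tor'.
    tokens = {seg.lower() for a in args for seg in a.split("/")}
    if "tor" in tokens or any(".onion" in a.lower() for a in args):
        findings.append("command line references Tor")
    return findings

def scan_agents(directory: Path) -> Dict[str, List[str]]:
    """Triage every *.plist in a LaunchAgents directory, keyed by file name."""
    return {p.name: triage_launch_agent(p.read_bytes()) for p in sorted(directory.glob("*.plist"))}

# Constructed samples (hypothetical labels and paths, not the OSX/Eleanor's real files).
BENIGN = plistlib.dumps({
    "Label": "com.example.updater",
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
    "StartInterval": 3600,
})
SUSPICIOUS = plistlib.dumps({
    "Label": "com.sample.agent",
    "ProgramArguments": ["/Users/alice/Library/.hidden/tor", "-f", "/Users/alice/Library/.hidden/torrc"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
MALFORMED = plistlib.dumps({"Label": "com.sample.empty"})

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS), ("malformed", MALFORMED)):
        print(name, triage_launch_agent(blob) or ["nothing notable"])
    # On a real Mac: scan_agents(Path.home() / "Library" / "LaunchAgents")
```

On a live system, run `scan_agents` over both `~/Library/LaunchAgents` and `/Library/LaunchAgents`, since per-user and system-wide agents are stored separately.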

Windows and Linux users should have no issues with the current versions of the OSX/Eleanor attacks, which are consistently OS X programs. For Mac users, however, restricting installations to applications from Apple-approved developers should block the threat's installation: the OSX/Eleanor carries no digital signature that would let it pass as legitimate software. Most anti-malware programs for the operating system should remove the OSX/Eleanor.

When even reputable download sites become Trojan havens, it's up to each user to compensate by protecting themselves individually. Strong anti-malware protection and carefully scanning files before opening them are, unfortunately, the last and sometimes the only line of defense against professional Trojans like the OSX/Eleanor.
