OFFICIAL SECURITY BLOG
Tech News News Favorites Adware Medic Tech Guides About Us
Mac Malware GuideAdware Removal GuideMac Performance Guide

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

New Mac backdoor malware: Eleanor

Published July 6th, 2016 at 9:34 AM EDT , modified July 6th, 2016 at 9:34 AM EDT

A new piece of malware for Mac OS X has been discovered, according to a blog post from Bitdefender.

This malware, which Bitdefender is calling Backdoor.MAC.Eleanor, is only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware. (Of course, this is not taking the widespread and increasing plague of Mac adware into account.)

Read the full story on Malwarebytes Labs

Tags: , ,

5 Comments

  • YesOrNo? says:
    July 6, 2016 at 12:35 pm

    I cannot find a piece of this malware, maybe you did find or get one.

    So therefor I have a question to you: would this malware work in a local standard user environment?
    Would it work by not installing it in the applications directory but just (for example) using it from desktop environment?
    Does this app open the terminal.app for its shellcommands?
    And does this app – if running from a local environment – have enough permissions tot execute all necessary commands without being blocked by lack of permission rights (sudo permissions)?

    I ask this because Btedefender does not mention this and I was wondering if this could be the case because I can imagine people maybe happen to run little applications like these just locally and it would be nice to see if these kind of malware apps do not have any chance when running in a standard user environment.

    • Thomas says:
      July 11, 2016 at 1:38 pm

      This malware is fully functional in user space. It does not need root permissions, nor does it care where you put the dropper app (EasyDoc Converter). That app has no role except to install the malicious files.

      Running as a standard user does protect against some things, but it is by no means full protection against malware.

  • Pick up the rice says:
    July 11, 2016 at 1:21 pm

    Although you don’t post security related questions and comments from torbrowser users, the least you can do is paying a bit more attention to what is happening (not that much of mac malware is there?), because there is newer mac malware discovered by eset
    http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
    So i do not mind not posting a comment or question but keep at least that security eyes wide open.
    By(e) the way, Eleanor discription/detection hash has already been added days ago to XProtect.

    • Thomas says:
      July 11, 2016 at 1:40 pm

      We are aware of Keydnap, and are working on some research of our own with regard to Keydnap that is not quite finished yet.

      Detection of both Eleanor and Keydnap was in place shortly after each was announced. We ARE paying attention.

  • Systweak Blog says:
    August 4, 2016 at 1:58 am

    I am waiting for your next post about Eleanor ans Keydnap. And I am sure that there will be unique information like each post on this blog.

This post is more than 90 days old and has been locked. No further comments are allowed.