Extremely Dangerous Mac Malware In The Wild
If you’re still under the mistaken belief that Macs are secure and immune to viruses and other malware, this should make you think twice. Bitdefender Labs has found what it has dubbed Backdoor.MAC.Elanor. Here’s what it can do to you:
The script installs and registers the following components to system startup:
Tor Hidden Service
This component creates a Tor hidden service that lets an attacker anonymously reach the command-and-control (C&C) centre from the outside (the local web server described next as Web Service (PHP)) via a Tor-generated .onion address.
Web Service (PHP)
This component acts as the C&C center and gives the attacker full control over the infected machine. The web service is set up locally and can be accessed through the “onion” address. After authenticating with the correct password, attackers gain access to a web-based control panel with the following abilities:
• File manager (view, edit, rename, delete, upload, download, and archive files)
• Command execution (execute commands)
• Script execution (execute scripts in PHP, Perl, Python, Ruby, Java, C)
• Shell via bind/reverse shell connect (remotely execute root commands)
• Simple packet crafter (probe firewall rule-sets and find entry points into a targeted system or network)
• Connect and administer databases
• Process list/Task manager (access the list of processes and applications running on the system)
• Send emails with attached files
It also uses a daemon to grab updates and fetch files from the user’s computer or execute shell scripts.
Pastebin Agent
Every infected machine has a unique Tor address that the attacker uses to connect and download the malware. All the addresses are stored on pastebin.com by this agent, after being encrypted with an RSA public key and base64-encoded.
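As an added defender-side example (not from the post or from Bitdefender), the script below audits the macOS launchd startup locations for jobs whose command line references the three components listed above: a Tor binary, a local PHP web server, or pastebin.com. The indicator patterns, directory list and sample plists are assumptions and constructed samples, not published Eleanor indicators.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Default launchd locations where macOS startup items (persistence) are registered.
LAUNCHD_DIRS = [Path.home() / "Library/LaunchAgents",
                Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]
# Assumed indicators for the three components described above (Tor hidden service,
# local PHP web service, Pastebin agent); not published IoCs, so tune per environment.
INDICATORS = {"tor": r"(?<![\w.-])tor(?![\w.-])",
              "php web server": r"(?<![\w.-])php\d*(?![\w.-])",
              "pastebin agent": r"pastebin\.com"}

def scan_plist(path):
    """Return the indicator names matched by one launchd job (empty list if clean)."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)      # reads both XML and binary plists
    except Exception:
        return ["unparseable plist"]     # a malformed startup item deserves a look too
    cmd = [job.get("Program", "")] + list(job.get("ProgramArguments") or [])
    blob = " ".join(str(a) for a in cmd).lower()
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, blob)]
    if hits and (job.get("RunAtLoad") or job.get("KeepAlive")):
        hits.append("auto-start")        # launchd will start it at login/boot
    return hits

def scan_dirs(dirs=LAUNCHD_DIRS):
    """Map each flagged plist under the given directories to its matched indicators."""
    plists = (p for d in dirs if Path(d).is_dir() for p in sorted(Path(d).glob("*.plist")))
    return {str(p): h for p in plists if (h := scan_plist(p))}

def write_samples(dirpath):
    """Write two constructed jobs (one benign, one Eleanor-like) and return the dir."""
    jobs = {"benign.plist": {"Label": "com.example.editor",
                             "ProgramArguments": ["/usr/bin/open", "-a", "TextEdit"]},
            "evil.plist": {"Label": "com.example.updater", "RunAtLoad": True,
                           "ProgramArguments": ["/bin/sh", "-c",
                                                "~/.x/tor -f torrc; ~/.x/php -S 127.0.0.1:8080"]}}
    for name, job in jobs.items():
        with open(Path(dirpath) / name, "wb") as fh:
            plistlib.dump(job, fh)
    return dirpath

def demo():
    """Scan the constructed samples in a temp dir; results are keyed by file name."""
    with tempfile.TemporaryDirectory() as tmp:
        return {Path(k).name: v for k, v in scan_dirs([write_samples(tmp)]).items()}
```

Calling `scan_dirs()` with no arguments scans the real launchd directories on the machine it runs on; a hit is a lead for manual review, not proof of infection.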
Consequences
“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” says Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab. “For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”
This is pretty scary. At present, the only way to get infected by this is to install a third-party app called EasyDoc Converter, which poses as a drag-and-drop file converter. So a simple way to protect yourself is to not download this app. Since the app isn’t signed by Apple, Gatekeeper can act as an extra layer of protection. But this shows Mac users two things. First, the Mac platform isn’t as secure as they think it is. Second, everyone, regardless of platform, needs to exercise caution when they go on the net to avoid being a victim of something like this.
This entry was posted on July 6, 2016 at 12:41 pm and is filed under Commentary with tags Apple.