There’s a new malware attacking Macs that is easy even for amateur hackers to use to take over your computer remotely. It’s called OSX/Eleanor-A, and it is devastating systems. It pretends to be a popular utility among Mac users called “EasyDoc Converter.” This program’s original function is to help Mac users read Windows files and Windows users read Mac files.
Easy to install and try, it creates a hidden folder containing a lot of programs and scripts. These all stay behind on your device after you exit and uninstall the EasyDoc Converter “decoy.” OSX/Eleanor-A sets up tools that run in the background. They are configured as software components that load in the background whenever you log into your computer.
One of the background applications is a copy of something called the Tor browser. Its function is to conceal users’ identities and their online activity from surveillance and traffic analysis. It does this by using encryption.
OSX/Eleanor-A not only starts the app that connects your computer to Tor but it also advertises it to the dark web. (The dark web is the World Wide Web content that exists on networks which use the public Internet but require specific software, configurations or authorization to access. It is the part of the Web not indexed by search engines). It is not a safe place to explore.
A second program running in the background runs a script allowing your computer and files to be accessed with a web browser. This means anyone can take over your computer remotely.
Next, a third background program uploads the name of your hidden service to something called a Pastebin account. (Pastebin is a popular website for storing and sharing text. It’s mostly used for distributing legitimate data, but it is also used as a public repository of stolen information, such as network configuration details and authentication records.)
Your hidden service name is a unique, randomly chosen string of 16 characters that lets other Tor users connect to you. Once your service name is loaded, the application removes itself, meaning you most likely won’t even know your device was accessed.
Malware writers put all the components into a single application download that looks and acts like EasyDoc Converter. It doesn’t require administrator approval to run, so you won’t see any prompts to enter an admin password.
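An added example, not part of the original post: a read-only Python check for the persistence described above (background components that load at login from a hidden folder, installed with no admin prompt). It assumes those components are registered the usual per-user way on macOS, as launchd job files in ~/Library/LaunchAgents; the sample labels and paths are constructed for illustration.

```python
import plistlib
from pathlib import Path, PurePosixPath

def job_command(plist_bytes):
    """Return the strings a launchd job executes (Program + ProgramArguments)."""
    try:
        job = plistlib.loads(plist_bytes)
    except Exception:  # malformed or non-plist file
        return []
    if not isinstance(job, dict):
        return []
    args = job.get("ProgramArguments")
    words = [job.get("Program")] + (args if isinstance(args, list) else [])
    return [w for w in words if isinstance(w, str)]

def hidden_component(path):
    """Return the first dot-prefixed name in a path (e.g. '.cache'), else None."""
    for part in PurePosixPath(path).parts:
        if part.startswith(".") and part != "..":
            return part
    return None

def audit(agents):
    """agents maps plist file name -> raw bytes; returns [(file, flagged word)]."""
    findings = []
    for name, raw in sorted(agents.items()):
        # Check every argument, so "/bin/sh <hidden script>" is caught too.
        flagged = next((w for w in job_command(raw) if hidden_component(w)), None)
        if flagged:
            findings.append((name, flagged))
    return findings

def load_user_agents(directory=None):
    """Read every .plist in the per-user LaunchAgents directory (assumed path)."""
    directory = directory or Path.home() / "Library" / "LaunchAgents"
    if not directory.is_dir():
        return {}
    return {p.name: p.read_bytes() for p in directory.glob("*.plist")}

# Constructed sample jobs; labels and paths are made up, not taken from the malware.
SAMPLE = {
    "com.example.updater.plist": plistlib.dumps({"Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}),
    "com.example.sync.plist": plistlib.dumps({"Label": "com.example.sync",
        "ProgramArguments": ["/bin/sh", "/Users/alice/Library/.example-hidden/run.sh"]}),
}

if __name__ == "__main__":
    for name, word in audit(load_user_agents() or SAMPLE):
        print(f"{name}: runs {word}")
```

A hit is a lead to review, not proof of infection, since some legitimate software also keeps helpers in dot-prefixed folders.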
If you are having issues related to EasyDoc Converter, call WynWay for an appointment immediately. We can help.
At WynWay, we provide technology services to clients across the country while being locally owned and operated in Greencastle, Indiana. Call our office at 765-692-3100 for an appointment. We are open from 10 am to 6 pm Monday to Friday.
Our services include, but are not limited to:
Individual and Business Training
Individual and Business Monthly Tech Support
Are we missing something that you need? Contact us and we can work together to find a solution.
Photo credit: https://stixproject.github.io/images/Malware.png