A lot of people think Macs are safe from the threat of viruses and Malware.
“I use a Mac, so I don’t need anti-virus” they say.
“There’s no such thing as Mac Malware” they say.
“They” are wrong.
In July of this a year, a new piece of Mac Malware was discovered that let the hacker gain full control of your computer – from remote access to your files to even being able to control your webcam.
According to BitDefender, who first reported it, Backdoor.MAC.Eleanor was found buried in an App purporting to convert documents from a couple less popular formats into Word format. Instead, all it does is install 3 malicious scripts on your computer.
How does this Malware work?
In a nutshell, Eleanor uses the Tor service to create a unique address for your computer, which it then uploads to a website, whereby anybody with access can get it.
It then creates a web server on your computer, so that anyone with the Tor address can access your computer from via a web portal, from where they have access to
File manager (view, edit, rename, delete, upload, download, and archive files)
• Command execution (execute commands)
• Script execution (execute scripts in PHP, PERL, Python, Ruby, Java, C)
• Shell via bind/reverse shell connect (remotely execute root commands)
• Simple packet crafter (probe firewall rule-sets and find entry points into a targeted system or network)
• Connect and administer databases
• Process list/Task manager (access the list of processes and applications running on the system)
• Send emails with attached files
It allows hackers to potentially change your computer passwords, locking you out from your own data and potentially blackmailing you to get access back.
Perhaps most frightening though, is that it also gives any hacker full access to your webcam, allowing them to take still images or record video.
Protecting your Mac from Malware
1. Only install software from trusted sources. In this instance, the app containing the malware seemed innocent enough, however it was not signed by Apple and not developed by a trusted developer. In order to install it, you would have had to ignore the warnings and have changed your Mac’d default settings to allow apps from untrusted developers.
2. Don’t change your Mac to allow apps from untrusted developers.
3. The most important thing is to run Anti-Virus on ALL computers, including Macs. We also recommend using Malwarebytes anti-malware as a second line of defence.
4. If you think something strange is going on with your computer, call or email Smart Sourced IT as soon as possible so we can investigate for you.
While this is only the second documented case of Mac Malware in 2016, it proves that they are out there, and they are VERY nasty. By taking a few precautions, you won’t be one of the people saying “I didn’t think Mac’s got viruses, so didn’t have AntVirus, and now I have to pay to get back access to my computer.”