A newly discovered malware uses Tor to open a backdoor on Mac OS X systems
Researchers from the security company Bitdefender have discovered a new piece of malware that opens a backdoor on Mac OS X systems reachable over the Tor network. Bitdefender has dubbed it Backdoor.MAC.Eleanor.
The researchers say Eleanor's creators spread the malware through phishing and through EasyDoc Converter, a Mac app that claims to convert files dropped into a small window. According to Bitdefender, EasyDoc exists only to run the Eleanor malware.
According to the researchers, EasyDoc downloads and runs a malicious script that installs three components and registers each of them to start at login: a hidden Tor service, a PHP web service, and a Pastebin agent.
Once Eleanor is installed, the Tor component connects the infected Mac to the Tor network and registers it as a hidden service with its own .onion address, through which the attacker can reach the system with nothing more than a Tor-capable browser.
This is where the Pastebin agent comes in: it reads the locally generated .onion address, encrypts it with the attackers' RSA public key, base64-encodes the result, and posts it to a Pastebin URL. The attackers then read that paste to learn where each victim can be reached.
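The three startup components described above are what a defender would hunt for on a suspect Mac. The following Python is an added illustration, not code from Bitdefender or from the malware itself. It assumes the components are registered as per-user launch agents (the usual macOS mechanism for starting something at login; the page does not say which mechanism Eleanor uses), flags agents that start tor or php from a hidden directory, and extracts the hidden service's .onion name from a torrc or hostname file. All paths, plists and file contents are constructed samples, and the heuristics are this example's own assumptions.

```python
"""Triage helpers for the persistence pattern described above: per-user
launch agents that start Tor and a PHP web service from a hidden directory
in the user's Library folder.  The plists, torrc and hostname file below are
constructed samples for illustration, not artefacts from the Bitdefender
analysis, and the heuristics are this example's own assumptions."""
import os
import plistlib
import re

# Assumption: legitimate copies of tor/php come from one of these locations.
TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/usr/local/bin", "/opt/homebrew/bin", "/Applications")
WATCHED_BINARIES = {"tor", "php", "php-cgi"}

# v2 onion names are 16 base32 chars, v3 names are 56; both use the a-z2-7 alphabet.
ONION_RE = re.compile(r"\b(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion\b")


def _plist(label, args, run_at_load=True):
    """Build a launch agent plist (bytes) for the constructed samples."""
    return plistlib.dumps({"Label": label, "ProgramArguments": args, "RunAtLoad": run_at_load})


HIDDEN = "/Users/alice/Library/.hidden"  # constructed hidden install directory
SAMPLE_LAUNCH_AGENTS = {
    # The three Eleanor-style components, all started from the hidden directory.
    "com.apple.softwareupdate.plist": _plist("com.apple.softwareupdate", [f"{HIDDEN}/tor", "-f", f"{HIDDEN}/torrc"]),
    "com.example.web.plist": _plist("com.example.web", [f"{HIDDEN}/php", "-S", "127.0.0.1:9999", "-t", f"{HIDDEN}/www"]),
    "com.example.pastebin.plist": _plist("com.example.pastebin", [f"{HIDDEN}/check_hostname.sh"]),
    # Two benign agents that the heuristics must not flag.
    "com.apple.spotlight.plist": _plist("com.apple.spotlight", ["/usr/bin/mdfind"], run_at_load=False),
    "homebrew.tor.plist": _plist("homebrew.mxcl.tor", ["/usr/local/bin/tor"]),
}
SAMPLE_TORRC = f"HiddenServiceDir {HIDDEN}/hs\nHiddenServicePort 80 127.0.0.1:9999\n"
SAMPLE_HOSTNAME_FILE = "abcdefghijklmnop.onion\n"  # what Tor writes into <HiddenServiceDir>/hostname


def assess_launch_agent(plist_bytes):
    """Return the reasons this launch agent matches the pattern (empty list = clean)."""
    data = plistlib.loads(plist_bytes)
    args = data.get("ProgramArguments") or [data.get("Program", "")]
    program = args[0]
    reasons = []
    if not program:
        return reasons
    # A dot-prefixed directory on the path is invisible to Finder and a plain `ls`.
    if any(p.startswith(".") and p not in (".", "..") for p in program.split("/")[:-1]):
        reasons.append("program lives in a hidden directory")
    name = os.path.basename(program)
    if name in WATCHED_BINARIES and not program.startswith(TRUSTED_DIRS):
        reasons.append(f"{name} started from an unusual location")
    if name.startswith("php") and "-S" in args:
        reasons.append("PHP built-in web server started at login")
    if reasons and data.get("RunAtLoad"):
        reasons.append("RunAtLoad is set, so it restarts at every login")
    return reasons


def triage_launch_agents(agents):
    """Map plist file name -> reasons, keeping only agents with at least one finding."""
    findings = {}
    for name, blob in agents.items():
        reasons = assess_launch_agent(blob)
        if reasons:
            findings[name] = reasons
    return findings


def find_onion_addresses(text):
    """Pull .onion names out of a torrc, a hostname file or a captured paste."""
    return sorted(set(ONION_RE.findall(text)))


if __name__ == "__main__":
    for name, reasons in triage_launch_agents(SAMPLE_LAUNCH_AGENTS).items():
        print(name, "->", "; ".join(reasons))
    print("hidden service name:", find_onion_addresses(SAMPLE_HOSTNAME_FILE))
```

On a real host you would feed triage_launch_agents the bytes of each file under ~/Library/LaunchAgents and run find_onion_addresses over any torrc or hostname file the flagged agents point at. The Pastebin dead drop itself is deliberately not reproduced: it needs the attackers' key material and network access, and the .onion name on disk already tells you where the backdoor is listening.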
The researchers say the malware then lets the criminals browse the victim's system and interact with it: they can run root commands and launch scripts written in PHP, Perl, Python, Ruby, Java, or C. They can also use the infected Mac to infect further Macs by sending similar phishing messages to the victim's friends and relatives, and use it as a pivot to connect to and manage databases or to scan remote firewalls for an opening.
In short, the victim's Mac is fully under the control of Eleanor's creators, who can use it to send spam, take part in DDoS attacks, host phishing, or do whatever else they want.