In the old days, before the rise of the iPad and iPhone, hackers were mostly content to leave Apple alone. They had such a tiny slice of the computer market that it was generally deemed as being more trouble than it was worth to create a virus that would only impact such a small number of devices.
Times, however, have changed. Apple is now the largest technology company in the world, and as they have grown, they’ve become an increasingly attractive target. Recently, security researchers from antivirus vendor Bitdefender have found a new backdoor program that gives hackers virtually unlimited access to Mac systems, over the Tor network.
If you haven’t heard of it, the Tor browser it’s one of the primary ways that users can reach sites on the Dark Web. The newly discovered malware, called “Backdoor.MAC.Elenor” appears, on the surface, to be a handy file conversion application, offered through a variety of reputable websites that sell Mac software.
On installation, the application executes a script that installs a series of components in a folder called “/Users/$USER/Library/.dropbox.” Given the popularity of Dropbox, using it as part of the folder name is a simple but effective camouflage that makes it easy for the malware to remain hidden.
The malware has three components. A web service with a PHP application, an agent that posts access URL’s to infected machines so that any hacker who knows the posting location can access the infected machine, and a hidden service that allows hackers to remotely connect to infected systems anonymously, over the Tor network.
Once connected, hackers are able to view, edit, rename, upload, download, and delete files on the system. They can even activate system accessories like an onboard camera and take pictures or video at will. The long and the short of it is that this is an especially dangerous piece of malware, and if you use Macs in your office, then your IT staff definitely needs to be on guard against it.