Bitdefender has posted a blog about a new piece of Mac malware they are calling “Backdoor.MAC.Elanor.” This is only the only the second piece of true Mac malware spotted so far in 2016, the first being the KeRanger ransomware.
Notably, the malware is currently still available on MacUpdate in the form of a free app called EasyDoc Converter. It poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script. Bitdefender says this is a nasty backdoor that can steal data, execute remote code and access the webcam, among other things.
This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” says Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab. “For instance, someone can lock you out of your laptop, threaten to blackmail you to restore your private files or transform your laptop into a botnet to attack other devices. The possibilities are endless.”
This app is not digitally signed by Apple. As a good safety precaution, Bitdefender recommends downloading applications exclusively from reputable websites, and using a security solution for Apple devices a seto fend off Mac-targeting malware and other specific threats.