Malicious ‘Backdoor.MAC.Eleanor’ Discovered on Mac, But Here’s How You Can Protect Your Computer

Malicious ‘Backdoor.MAC.Eleanor’ Discovered on Mac, But Here’s How You Can Protect Your Computer
Text Size
- +

Toggle Dark Mode

From time to time, potentially harmful malware surfaces on Mac OS X — making even the world’s safest desktop operating system susceptible to an array of hacker-backed, system-wide viruses.

However, the most recently discovered Mac malware could take the cake, as the most potentially harmful to be discovered this year.

In an extensive analysis published by researchers at Bitdefender, the malware discovered just last week — (which has since been dubbed “Backdoor.MAC.Eleanor”) — appears to manifest when a hidden file by the name of ‘EasyDoc’ is installed and takes over a user’s system. Once installed by the user, the EasyDoc file is said to subsequently install a wide array of different malware on the host system.

Some of the potential anomalies that could arise as a result of the user mistakenly installing the malicious, 3rd party EasyDoc Converter file include its ability to access your Mac’s FaceTime camera, download other malicious files, execute commands autonomously, or even send unsolicited emails with attachments to your contacts.

In addition to EasyDoc being able to access a number of tools by which it can control your Mac’s FaceTime Camera, the inauthentic app can also take control of the entire machine — thanks to a hidden Tor service, which, as a free software download from most sites offering free Mac software downloads, allows for anonymous communication across a computer’s network.

The Tor file, once installed, gives rise to a hidden service that gives attackers unrestricted, anonymous access to the infected Mac via a PHP-based web server — coupled with an exclusive Tor-generated network address.

Of course, you might now be wondering, “well, what is this EasyDoc Converter, anyways?”

EasyDoc, which was previously available for free prior to its abrupt removal from the popular software download site, MacUpdate, on July 5th, is a 3rd party Mac app that’s essentially a drag-and-drop style file converter.


Seems simple and harmless enough, right? Well sure, but keep in mind that the file is inherently malicious.

The following is a fake description of the EasyDoc file as advertised by the utility’s developers, themselves:

“EasyDoc Converter is a fast and simple file converter for OS X. Instantly convert your FreeOffice (.fof) and SimpleStats (.sst) docs to Microsoft Office (.docx) by dropping your file onto the app. EasyDoc Converter is great for employees and students looking for a simple tool for quickly convert files to the popular Microsoft format. EasyDoc Converter lets you get to work quickly by using a simple, clean, drag-and-drop interface. The converted document will be saved in the same directory of the original file.”

MacUpdate, the original EasyDoc distributor, lists susceptible Mac systems as those powered by Intel processors running OS X 10.6 ‘Snow Leopard’ or later. Therefore, the Backdoor.MAC.Eleanor file is capable of infecting mid-2007 MacBooks — including MacBook Air and MacBook Pro models, as well as mid-2007 Mac minis, iMacs, and Mac Pros.

Fortunately, even despite EasyDoc’s harmful tendencies, there are plenty of ways to protect your Mac’s system utilizing Apple’s in-built ‘GateKeeper’ security protocols. The first logical method of protecting yourself, of course, would be to avoid downloading the EasyDoc utility altogether and, for your benefit, Apple’s default ‘GateKeeper’ security settings are meant to prevent unknown files of the such from being installed in the first place.


You can easily tweak your system’s security settings by navigating to System Preferences > Security & Privacy > General from your Mac desktop.

Additionally, if in the unfortunate case you’ve already downloaded EasyDoc, you can always install some standalone, 3rd party anti-malware software on your Mac — such as Malwarebytes, which has already been updated with the ability to detect ad remove the Backdoor.MAC.Eleanor file.

And, of course, Apple will likely update its own, in-built anti-malware protocols so that they’re capable of blocking EasyDoc and other malicious file extensions of the such, soon enough.

Has your Mac been affected by this malware? Let us know in the comments below.

Social Sharing