Malware on the Mac is pretty rare compared to Windows and Android. Recently, however, a new type called “OSX/Eleanor-A” was discovered. With OSX/Eleanor-A, even amateur hackers can land devastating attacks on victims’ systems using the malware’s tools.
OSX/Eleanor-A pretends to be “EasyDoc Converter”, a utility popular among Mac users. The original program’s function is to help Mac users read Windows files and vice versa.
The app is easy to install and try. In the background, however, it creates a hidden folder containing a bunch of programs and scripts. The files seem mostly harmless when considered individually, and most of them are readily available as free tools. All of these components stay behind when you exit and uninstall the EasyDoc Converter “decoy” app. OSX/Eleanor-A uses a system utility to set up these tools to run in the background. The programs are configured as OS X LaunchAgents, software components that load in the background when you log in.
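A defensive check for the persistence pattern described above, as an added example (not part of the original article and not taken from the malware): it lists LaunchAgent property lists whose program or arguments point into a dot-prefixed hidden path. The sample plists, labels and paths are constructed for illustration; on a Mac you would point the hypothetical `audit_launch_agents` helper at `~/Library/LaunchAgents`.

```python
import plistlib
import tempfile
from pathlib import Path

def hidden_component(path_str):
    """Return the first dot-prefixed directory or file name in a path, or None."""
    for part in Path(path_str).parts:
        if part.startswith(".") and part not in (".", ".."):
            return part
    return None

def audit_launch_agents(agents_dir):
    """Flag LaunchAgent plists whose program or arguments sit under a hidden path."""
    findings = []
    for plist_path in sorted(Path(agents_dir).glob("*.plist")):
        try:
            with open(plist_path, "rb") as fh:
                job = plistlib.load(fh)
            # launchd runs Program if set, otherwise ProgramArguments[0]; the
            # remaining arguments are checked too (e.g. a script passed to /bin/sh).
            candidates = [job.get("Program")] + list(job.get("ProgramArguments", []))
        except Exception:
            findings.append((plist_path.name, "unparseable plist"))
            continue
        for arg in candidates:
            if isinstance(arg, str) and hidden_component(arg):
                findings.append((plist_path.name, arg))
                break
    return findings

def demo():
    """Write constructed sample plists to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            # Constructed examples, not indicators taken from the article.
            "com.example.updater.plist": {"Label": "com.example.updater",
                "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
            "com.example.sync.plist": {"Label": "com.example.sync", "RunAtLoad": True,
                "ProgramArguments": ["/bin/sh", "/Users/alice/Library/.hiddenexample/run.sh"]},
        }
        for name, body in samples.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(body, fh)
        return audit_launch_agents(tmp)

if __name__ == "__main__":
    for name, target in demo():
        print(f"{name}: references hidden path {target}")
```

A hit is a lead to review rather than proof of compromise, since some legitimate software also keeps helpers in dot-prefixed folders.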
One of the background applications is a copy of the Tor browser. The malware starts up the app not only to connect your computer to the anonymous Tor network, but also to advertise your computer to the dark web. The second