The backdoor is apparently being hidden away in a phony file converter utility that’s being distributed via major sites like MacUpdate, according to a report from 9to5Mac. EasyDoc Converter purports to be a legitimate piece of software, but offers no functionality beyond downloading the backdoor.
MacUpdate has now been alerted to the issue, and has removed download links to the utility and delisted it from its search results. However, EasyDoc Converter is likely hosted on scores of different websites, and there could potentially be plenty of other fake pieces of software serving to distribute the backdoor.
Backdoor.MAC.Elanor could potentially be used to facilitate all manner of attacks on a victim’s computer. A hacker could use the backdoor in conjunction with other techniques to execute attacks ranging from data theft to a complete takeover of the system’s webcam.
Fortunately, the malicious app is not signed with an Apple Developer ID, which should make it easier for Mac users to avoid the backdoor. So long as your computer’s settings stipulate that it will only open apps from the App Store or from known developers, it shouldn’t be able to open.
However, there’s an important lesson about security to be learned here. There was a time when Macs weren’t considered to be at risk of malware attacks to the same extent that PCs are — evidently, that is no longer the case.
Editors' Recommendations
- The Dell XPS 15 has one major advantage over the MacBook Pro
- Apple has been secretly working on a ChatGPT rival for years
- Major leak reveals every secret Mac Apple is working on
- This critical exploit could let hackers bypass your Mac’s defenses
- Is macOS more secure than Windows? This malware report has the answer
