Beware! A new MAC OS X malware that disguises itself as another program was recently discovered by security researchers.
The malware, nicknamed Backdoor.MAC.Eleanor, is an extremely dangerous one since it allows attackers full control of the compromised machine and it is hard to detect.
Once infected, the attackers could remotely access a machine's file system and resources, open applications, send emails, capture pictures and videos through the webcam or lock the machine out, rendering it unusable. Basically, the attackers could do whatever they please.
The vector for the malware is an application called EasyDoc Converter, which advertises itself as a free Microsoft Office Word document converter. Once installed, it appears to have a simple drag and drop interface. If a user attempts to use it, it will not convert files as promised but it will download a malicious script instead.
The script then proceeds to install and register hidden services like Tor, which generates a unique anonymous address for the machine and a local web service that will allow the attackers to fully control it remotely. It also creates a fake .dropbox directory where it stores its components and registers them to system startup.
So how do you protect yourselves from malware in disguise such as this? First, make sure you have your Mac's security setting adjusted to only allow apps downloaded from the Mac App store and identified developers. For an even more secure system, select Mac App store only.
To access this, open System Preferences >> Security and Privacy >> click the padlock and enter an administrator password to unlock it, then make sure you select the right security setting.
Currently, the fake application is still available through reputable websites that offer legitimate Mac applications and software so please keep an eye out for this particular free download. It is not digitally signed by Apple so if you have the recommended security settings and you heed the warnings, the application will not install on your Mac.