The backdoor is apparently being hidden away in a phony file converter utility that’s being distributed via major sites like MacUpdate, according to a report from 9to5Mac. EasyDoc Converter purports to be a legitimate piece of software, but offers no functionality beyond downloading the backdoor.
MacUpdate has now been alerted to the issue, and has removed download links to the utility and delisted it from its search results. However, EasyDoc Converter is likely hosted on scores of different websites, and there could potentially be plenty of other fake pieces of software serving to distribute the backdoor.
Backdoor.MAC.Elanor could potentially be used to facilitate all manner of attacks on a victim’s computer. A hacker could use the backdoor in conjunction with other techniques to execute attacks ranging from data theft to a complete takeover of the system’s webcam.
Fortunately, the malicious app is not signed with an Apple Developer ID, which should make it easier for Mac users to avoid the backdoor. So long as your computer’s settings stipulate that it will only open apps from the App Store or from known developers, it shouldn’t be able to open.
However, there’s an important lesson about security to be learned here. There was a time when Macs weren’t considered to be at risk of malware attacks to the same extent that PCs are — evidently, that is no longer the case.
Editors' Recommendations
- How to tell if your webcam has been hacked
- Does your Mac really need antivirus software? We asked the experts
- The MacBook Air M3 has one change that fixes its biggest flaw
- My hopes for a new iMac Pro have been dashed — for now
- Apple has a chance to fix Mac gaming for good in 2024
