New Backdoor Allows Full Access to Mac Systems

HardOCP News

Security researchers have discovered new malware that uses Tor to open a backdoor on OS X systems. Poor Mac users, if getting backdoored by Apple wasn't bad enough, they have to worry about hackers now too.

A new piece of malware, dubbed Backdoor.MAC.Eleanor by Bitdefender researchers, exposes Apple systems to cyber-espionage and full, clandestine control from malicious third-parties. The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.
 
Poor Mac users, if getting backdoored by Apple wasn't bad enough, they have to worry about hackers now too.

ISWYDT.jpg
 
You have to specifically download the software that opens the backdoor; it won't install itself, so nothing new here.
 
You have to specifically download the software that opens the backdoor; it won't install itself, so nothing new here.

Also true for a lot of Windows exploits but that still doesn't stop dishonest Mac users from calling them viruses.
 
Lol poor windows users have a million attacks far worse than this so they're no longer even newsworthy.

It's like a toothless man would have a big toothless shout 'haa-haa! You got your first cavity!'
 
Also true for a lot of Windows exploits but that still doesn't stop dishonest Mac users from calling them viruses.
A lot of them do auto install themselves, something that can't actually happen on a Mac. I haven't had issues with viruses on a PC in years though.
 
Blocked by Gatekeeper. Default OS X settings prevent this from ever happening.

Yawn.

If all the software that you install is approved/signed by Apple, then yeah. But who the hell wants to use a closed software environment like that? If you say that you do, you're lying to yourself.
 
Lol poor windows users have a million attacks far worse than this so they're no longer even newsworthy.

It's like a toothless man would have a big toothless shout 'haa-haa! You got your first cavity!'

The reason they don't make viruses for OS X is not because it's so hardened, but because it's not worth it. You target the biggest return and that would be the OS with 88% marketshare. So in that case, Mac's lack of popularity helps it.
 
The reason they don't make viruses for OS X is not because it's so hardened, but because it's not worth it. You target the biggest return and that would be the OS with 88% marketshare. So in that case, Mac's lack of popularity helps it.

Even so, technically every method to jailbreak iOS devices is an exploit that can also be used by malware. The only difference is INTENT. So it's pretty much complete ignorance when anyone who has a Jailbroken iPhone or iPad is talking about how much more secure their device is compared to (insert OS here)...
 
This is what happens when you become too popular. Then again, I think finding bugs has become a badge of honor for the security researchers. Just like everyone else, they're seeking the fame and recognition that come as a result. Since everyone benefits, I guess it's a good thing.
 
Even so, technically every method to jailbreak iOS devices is an exploit that can also be used by malware. The only difference is INTENT. So it's pretty much complete ignorance when anyone who has a Jailbroken iPhone or iPad is talking about how much more secure their device is compared to (insert OS here)...

iOS != OSX, or w/e they call it now. Nobody talked about their jailbroken device being more secure.
 
Thanks for the information Steve. Of course, vulnerabilities exist in all operating systems and none of us are truly as secure as we need to be. Those who are capable of exploiting these vulnerabilities are already far ahead of anything we know or think we know. For those who think they are secure because they use Linux, good luck with that because, unfortunately, those who have the money and technology are far beyond and capable of more than we could ever think of. It does not help that those with the capability of doing it are also outside of the law.

Or put another way, if those in charge see no issue with spying on press and literally deleting their data and invading their computers, what does that say about the rest of us?

You have to specifically download the software that opens the backdoor; it won't install itself, so nothing new here.

LOL! Not really a problem for those that know what they are doing.
 
The only thing different with this "app" from any other executable is that it betrays the trust of the user. You can do anything on a computer (any computer) if the user authorizes it.

That's how computers work.

You can install anything you want on an Apple. It will hassle you by default, but it is easily bypassed.

I have had Windows refuse to download certain files that it did not have enough experience with.

It is super easy to hack a computer if the user hits accept. Any of you could probably come up with a hack. Thus it's not a hack, it's a misuse of trust.
 
Windows Users: "Move along, we are well experienced in dealing with these threats" Windows users are like a battle tested army. MAC users are sort of like pansies.
 
If all the software that you install is approved/signed by Apple, then yeah. But who the hell wants to use a closed software environment like that? If you say that you do, you're lying to yourself.

Irrelevant. Most people use their computers without ever changing the default settings. The fact that Gatekeeper is enabled by default is enough to make this a non-issue. The people smart enough to disable Gatekeeper are also smart enough to avoid the malware.

This is a non-issue.

Windows Users: "Move along, we are well experienced in dealing with these threats" Windows users are like a battle tested army. MAC users are sort of like pansies.

What does Media Address Control have to do with this?
 
Blocked by Gatekeeper. Default OS X settings prevent this from ever happening.

Yawn.

Yeah, and I don't know a single Mac user who only uses software approved by Apple.

One of the most frequent questions by Mac users online is "how do I install this software that MacOS just blocked me from installing."
 
The Apple security equation still hasn't changed:
  • Apple Advantage: Apple benefits from security by obscurity. Despite their successes in the last decade or so, they are still dwarfed by PCs on the internet as a whole. People who go through the trouble of coding exploits/viruses/malware are going to target the biggest audiences first. There are more potential gains that way.
  • Apple Advantage: OS X is based on BSD, which uses the *nix model of user permissions, which is the most tested and secure of them all. Windows has however caught up here ever since UAC came around with Vista, so the difference isn't as great as many would suggest.
  • Apple Mixed blessing: Apple digitally signs approved software. This means that if you stay within Apple's walled garden, things are more secure, but you are also more limited, unless - of course - you circumvent it and install unapproved software anyway.
  • Apple Disadvantage: Apple is desperately slow at patching known exploits, leaving some of them open for months or even years.
  • Apple Disadvantage: Apple's lack of transparency on known exploits and patching exacerbates the problem, by people having a difficult time knowing if they are at risk and what they can do to protect themselves. Apple prefers secrecy in order to preserve the illusion that they are impervious to exploits, viruses and malware.
  • Apple Disadvantage: Apple antivirus/anti malware software is not widespread, making it very difficult to find and address the exploits that do exist.
  • Apple Disadvantage: False sense of security among Apple users results in them being less vigilant to viruses and exploits.


At the end of the day it isn't clear to me that either OSX or Windows has a clear advantage on security. They have different problems though.

I feel like Linux is more secure than either due to it being:
  • More obscure than even OSX, thus more security through obscurity.
  • Intensely fragmented between distributions and versions, which makes it rare that an exploit would work on the entire install base.
  • Also uses *nix user/permissions system
  • Fastest patching of newly discovered security vulnerabilities of all operating systems
  • Full transparency means that knowledge regarding new exploits and how to temporarily workaround them until patched is available to everyone quickly.
  • Unified package managers that make sure not just the OS, but all the installed software is kept up to date, reducing the likelihood that some piece of software with an old, known vulnerability is installed and running.
  • Typically the most seasoned and competent user base when it comes to computers and security

Linux also has some disadvantages though, including:
  • Users overconfident in the security of their systems not taking precautions.
  • Blind trust of third party programs / third party PPA repositories.
  • Relative lack of security scanning software. (ClamAV exists, but it is really focused on detecting known Windows viruses on shared systems)

If I were to design an exploit for Linux machines, I'd certainly do it by putting up a fake PPA for some major open source project that doesn't distribute binaries, and have it install compromised binaries for functioning software. People seem to blindly trust those things for no good reason.
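The blind trust in third-party PPAs raised in the post above can be audited on a given machine. The following is an added example, not part of the original thread: it parses one-line `sources.list` entries and reports every repository outside the distribution's own archive, together with the trust settings that matter. The host allowlist and the sample entries are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts treated as the distribution's own archive; adjust per site.
DISTRO_HOSTS = {"archive.ubuntu.com", "security.ubuntu.com", "deb.debian.org"}
PPA_HOSTS = {"ppa.launchpad.net", "ppa.launchpadcontent.net"}

# One-line format: deb [opt=val ...] uri suite [component ...]
LINE_RE = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

# Constructed sample input (not taken from any real system).
SAMPLE = """\
deb http://archive.ubuntu.com/ubuntu xenial main universe
# deb http://ppa.launchpad.net/disabled/ppa/ubuntu xenial main
deb http://ppa.launchpad.net/example-owner/example-project/ubuntu xenial main
deb [trusted=yes] http://repo.example.invalid/apt stable main
deb [arch=amd64 signed-by=/usr/share/keyrings/vendor.gpg] https://pkgs.example.invalid/deb stable main
"""

def audit_sources(text):
    """Return (line_no, uri, findings) for every entry outside DISTRO_HOSTS."""
    report = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and disabled entries
        m = LINE_RE.match(line)
        if not m:
            continue
        opts = dict(o.split("=", 1) for o in (m.group(2) or "").split() if "=" in o)
        uri = m.group(3)
        parsed = urlparse(uri)
        host = parsed.hostname or ""
        if host in DISTRO_HOSTS:
            continue
        if host in PPA_HOSTS:
            # PPA URLs have the form /<owner>/<ppa-name>/ubuntu
            owner = parsed.path.strip("/").split("/")[0]
            findings = [f"PPA owned by '{owner}'"]
        else:
            findings = ["third-party repository"]
        if opts.get("trusted", "").lower() == "yes":
            findings.append("trusted=yes: apt skips signature verification")
        if "signed-by" not in opts:
            findings.append("no signed-by: any key apt already trusts may sign it")
        report.append((no, uri, findings))
    return report

if __name__ == "__main__":
    for no, uri, findings in audit_sources(SAMPLE):
        print(f"line {no}: {uri}\n    " + "\n    ".join(findings))
```

On a real system the same function can be fed the contents of `/etc/apt/sources.list` and the `.list` files under `/etc/apt/sources.list.d/`.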
 
Yeah, and I don't know a single Mac user who only uses software approved by Apple.

One of the most frequent questions by Mac users online is "how do I install this software that MacOS just blocked me from installing."
Basically this.

Just last week, a coworker tried to install Windows Movie Maker, but somehow ended up downloading from a website with a name like free-movie-maker.org and she called me when it wouldn't install under her non-admin account. What *did* install was a trojan and it set up scheduled tasks to run on login and at 1:40am. I'm going to have to set up a new firewall and block executables from even getting to the users at this point.
 
If all the software that you install is approved/signed by Apple, then yeah. But who the hell wants to use a closed software environment like that? If you say that you do, you're lying to yourself.
Or, you can not be an imbecile and actually think before you click.

Gatekeeper says this isn't signed. Pay attention to whether it's the thing you just downloaded and whether you want to run it anyway. If yes, it runs. If no, it doesn't.
Probably sounds complicated to some people here yet somehow all those "stupid" OS X users seem to have minimal issue...
 
Or, you can not be an imbecile and actually think before you click.

Gatekeeper says this isn't signed. Pay attention to whether it's the thing you just downloaded and whether you want to run it anyway. If yes, it runs. If no, it doesn't.
Probably sounds complicated to some people here yet somehow all those "stupid" OS X users seem to have minimal issue...

You don't seem to understand how things work. Any time you install software, you are taking a leap of faith that the software isn't doing anything malicious (it is what it says it is). So, you think that any software you manually downloaded is safe to install? That's a dangerous assumption.

The point I am getting at is this isn't a Mac vs whatever problem. Get off your high horse and realize this is just a general security problem with regards to trusting applications.
 