New Apple Computer Malware Discovered

By Richard Anderson

It is relatively rare for new Apple computer malware to be developed. Malware developers prefer to concentrate on malware that targets Windows devices. It is easier, and the profits are higher because there are more potential victims.

However, in recent years there has been a significant increase in new Apple computer malware. This year, two new forms of malware have been discovered by security researchers.

The latest variants of Apple computer malware – Eleanor and KeRanger – could cause certain Mac users serious problems. KeRanger was discovered in March of this year. KeRanger is a form of ransomware that targets the OS X platform. It is only the second ransomware variant discovered that specifically targets Mac users, the first being 2014’s FileCoder ransomware. FileCoder was discovered by Kaspersky Lab, but at the time it was incomplete. KeRanger is the first fully functional ransomware variant to be discovered that targets the OS X platform.

The latest Apple computer malware to be discovered is potentially serious, although it is only likely to affect a limited number of Mac users. Eleanor is an OS X backdoor program which could be used by attackers to gain full access to an infected Mac. Once installed, the malware assigns each device to a hidden Tor website. An attacker can then use the backdoor to browse the files stored on the device, send emails, install software, execute commands, or turn on the webcam.

KeRanger used a valid Mac Developer ID, which allowed the malware to bypass Apple's Gatekeeper program, which prevents rogue software from running. The Developer ID has since been revoked. Provided Gatekeeper is set to only allow apps to run that have been downloaded from the official Mac App Store, end users will be protected. Eleanor does not have a valid Developer ID, which means that Gatekeeper should block the malware. Users who have turned off the Gatekeeper feature to allow them to download unauthorized apps will be at risk of infection.

Eleanor is downloaded in a fake software program called EasyDoc Converter, which allows Mac users to easily convert certain file types into Word formats. Installing the app will install the Eleanor backdoor. Users will be unaware that the malware is running in the background and their computer has been opened up to an attacker. Eleanor affects OS X 10.6 or later versions of the OS.

The fake app is not available through the official Apple App Store, but it was on a number of third-party sites such as MacUpdate. Bitdefender has already issued a malware removal tool that can clean Eleanor from an infected computer.

Apple computer malware may not be common, but there was a five-fold increase in new Apple computer malware in the past year. Compared to Windows malware, Mac malware is very rare. However, there is a risk of malware downloads and anti-virus software should be employed. Software should also only ever be downloaded from trusted sources to reduce the risk of an infection.


Richard Anderson is the Editor-in-Chief of NetSec.news