OSX/Eleanor

OSX/Eleanor is a backdoor that targets computers running Mac OS X. It has been active since at least the summer of 2016. Past OSX/Eleanor infections have been traced to bogus software downloads, in particular a file converter application. Malware researchers received reports of EasyDoc Converter, supposedly a program that helps users convert between file types. Instead of a working converter, the download delivers OSX/Eleanor. The threat is a malicious script packaged inside the fake application; once it runs it hands a remote attacker control of the machine, endangering the victim's privacy and putting them at financial risk.

Why You Should Avoid the OSX/Eleanor Trojan

OSX/Eleanor is a serious threat to anyone whose machine it infects. Once installed, it lets the attackers take over the computer and control it fully from a remote location, which is why it is classified as a backdoor Trojan. Backdoor Trojans get their name because, much like an unlocked back door on a building, they are designed to let a criminal bypass a computer's defenses and gain unauthorized access. Once in control, the attackers can install any number of other threats or carry out a variety of attacks on the victim: collecting private data, running other malware, accessing the microphone and webcam, or harvesting financial information such as online banking passwords.

How the OSX/Eleanor Attack Works

Victims of past OSX/Eleanor attacks had downloaded a fake application that installed OSX/Eleanor when it was run. Once installed, OSX/Eleanor creates its backdoor in the hidden directory '~/Library/.dropbox' and registers three components as launch agents, so macOS starts them automatically whenever the user logs in. The three components are the following:

  1. A Tor hidden service, which lets the criminals reach the backdoor anonymously over the Tor network without needing a direct route to the victim's IP address. This agent is installed at '~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist'.
  2. A PHP web service that provides the control panel the criminals use to operate OSX/Eleanor remotely. This agent is installed at '~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist'.
  3. A Pastebin agent, which posts the backdoor's Tor (.onion) address to pastebin.com so the attackers can look it up easily and anonymously. This agent is installed at '~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist'.

The directory and the three launch agent files listed above are an easy way to tell whether a computer is infected. Threats like OSX/Eleanor are designed to work in the background and not alert the victim to their presence, so by the time symptoms appear the damage, such as stolen information or additional malware, may already be done. The agent labels are chosen to resemble Dropbox components, so they are easy to overlook when glancing through the LaunchAgents folder.
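The indicators above can be checked without hunting through Finder. The following script is an added example, not code from the original article or from any vendor tool: it scans one user's home directory for the hidden '.dropbox' directory and the three launch agent plists the article names. It takes the home directory as an argument (defaulting to $HOME) so a mounted image of another account can be checked; the ELEANOR_DIR and ELEANOR_AGENTS names are the article's paths, everything else is this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): scan a home directory for the
# OSX/Eleanor persistence artifacts the article lists and report each one found.

ELEANOR_DIR="Library/.dropbox"
ELEANOR_AGENTS="com.getdropbox.dropbox.integritycheck \
com.getdropbox.dropbox.usercontent \
com.getdropbox.dropbox.timegrabber"

# eleanor_scan [HOME_DIR]
# Prints every matching path, one per line. Returns 0 when nothing was found
# and 1 when at least one artifact is present.
eleanor_scan() {
    home="${1:-$HOME}"
    hits=0

    # The backdoor's working directory. The leading dot hides it from Finder
    # and from a plain "ls", so test for it explicitly.
    if [ -d "$home/$ELEANOR_DIR" ]; then
        printf '%s\n' "$home/$ELEANOR_DIR"
        hits=$((hits + 1))
    fi

    # launchd loads every plist in ~/Library/LaunchAgents at login, which is
    # what keeps each of the three components running across reboots.
    for label in $ELEANOR_AGENTS; do
        plist="$home/Library/LaunchAgents/$label.plist"
        if [ -f "$plist" ]; then
            printf '%s\n' "$plist"
            hits=$((hits + 1))
        fi
    done

    [ "$hits" -eq 0 ]
}

# Stand-alone use: scan the current user's home and summarise.
if eleanor_scan; then
    echo "no OSX/Eleanor artifacts found under ${HOME}"
else
    echo "OSX/Eleanor artifacts found; unload the agents with launchctl before deleting them"
fi
```

A single matching plist is enough to warrant a closer look, since removal tools or a partially failed install can leave the set incomplete. When cleaning up, unload each agent with `launchctl unload ~/Library/LaunchAgents/<label>.plist` before deleting the file, otherwise the component keeps running until the next logout.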

Protecting Your Computer from Threats Like OSX/Eleanor

One of the most dangerous aspects of OSX/Eleanor is that it affects Mac OS X, which is widely (and wrongly) believed to be immune to such threats, so users are more likely to lower their defenses. Because the OSX/Eleanor installer is not signed with an Apple developer certificate, an easy way to prevent this attack is to keep the system's Gatekeeper setting at its default, which only allows applications from the Mac App Store and identified developers to be opened. Beyond that, it is also important to use anti-malware software. Many users, believing Mac OS X to be immune to malware, either run no security software or are lax about scanning their computers regularly and about taking precautions when downloading content online. Preventive software together with secure system settings is the best way to limit the damage from threats like OSX/Eleanor.
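The Gatekeeper advice above can be verified from a terminal with Apple's spctl(8) tool: confirm that assessments are enabled, and assess a downloaded bundle before opening it. The script below is an added example, not code from the original article; spctl and its `--status` and `--assess` options are real, while the function names and the sample output strings used to exercise the verdict parser are constructed for this example from spctl's "<path>: accepted|rejected" / "source=..." report format.

```shell
#!/bin/sh
# Added example (not from the original article): check that Gatekeeper is
# enforcing and assess an app bundle the way Gatekeeper will when it is opened.

# gatekeeper_verdict "<spctl output>"
# Reduces spctl's assessment text to one word: accepted, rejected or unknown.
# spctl writes its verdict to stderr, so callers capture 2>&1 and pass it in.
gatekeeper_verdict() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# gatekeeper_assess /path/to/App.app
# Runs Gatekeeper's execute policy against the bundle. Returns 0 only if the
# bundle would be allowed to launch, i.e. it carries a signature Gatekeeper
# trusts. An unsigned dropper such as the fake EasyDoc Converter comes back
# "rejected", and the source= line says why.
gatekeeper_assess() {
    app="$1"
    out=$(spctl --assess --type execute --verbose=4 "$app" 2>&1)
    verdict=$(gatekeeper_verdict "$out")
    printf '%s: %s\n' "$app" "$verdict"
    printf '%s\n' "$out" | grep '^source=' || true
    [ "$verdict" = accepted ]
}

# Stand-alone use: report Gatekeeper's state, then assess each bundle given
# on the command line. Skipped entirely where spctl is not available.
if command -v spctl >/dev/null 2>&1; then
    spctl --status            # "assessments enabled" means Gatekeeper is on
    for app in "$@"; do
        gatekeeper_assess "$app" || echo "do not open $app"
    done
fi
```

If `spctl --status` reports that assessments are disabled, re-enable Gatekeeper in System Preferences (Security & Privacy) before downloading anything else; assessing a bundle with this script is only useful while the policy it reports on is actually enforced.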
