A piece of malware targeting Mac computers named Backdoor.MAC.Eleanor is making the rounds. While it may still come as news to some users that Macs can get infected, Mac OS X — Apple’s flagship operating system — is just as vulnerable as Microsoft Windows. And as Apple’s share of the personal computing market grows, so too does its appeal to hackers.
Eleanor Gives Hackers Total Control
The Eleanor “backdoor” malware was discovered by security analysts earlier this month, but they believe it has been in the wildsince at least April. It was found hidden in a fake application named EasyDoc Converter on legitimate websites that host Mac app downloads. It has since been removed.
The Eleanor program inside EasyDoc Converter installs a hidden Command & Control (C&C) portal on a Mac that gives hackers the ability to edit and delete files, download programs, and stop your Mac’s core services. It even allows hackers to record audio and video from your Mac’s microphone and webcam.
Given this level of control, the consequences of catching the Eleanor backdoor are serious. Your Mac could become part of a remotely controlled botnet and used to attack outside businesses. Or the hackers could attack you by holding your files for ransom.
Macs Are Just as Vulnerable as PCs
The common computing myth persists that Macs do not get viruses, but security vulnerabilities exist in all software applications and operating systems. The more complex a piece of software is, the greater the risk for a vulnerability. In fact, OS X has the most publicly disclosed security vulnerabilities of any software product on the market today, surpassing Microsoft Windows and other popular operating systems.
This is not an indictment of OS X — not every single vulnerability on every platform is a critical risk — but it is a warning for business users not to assume that Apple’s history of fewer compromises is proof that they’re more secure. Currently, Macs make up just under 5 percent of the desktop computing market, but that market share is growing. That means their appeal to hackers is growing as well.
Best Practices for Securing Your Business’s Macs
Given this increasing risk of compromise, Mac users should make sure to follow the established best practices for securing any personal computer.
- Apply Regular Security Updates. Usually, as soon as a vulnerability is found, developers start fixing it. Installing security updates as soon as possible can help keep you ahead of the hackers.
- Limit Use of Administrator Accounts. Most day-to-day business operations will not require a computer account that has full administrator access.
- Disable Automatic Login. For PCs in public areas or where you’re concerned about physical security, this feature is a liability.
- Configure OS X’s Time Machine Backup. The best defense against ransomware or file corruption from other malware is to have a backup available.
- Use Reputable Endpoint Protection Software. Most of the major endpoint protection vendors have security software for Macs. Speak to your trusted IT expert about which application makes sense for your business.
If you suspect you have an infected Mac, speak to an IT security expert for servicing. While many security applications clean simple infections, more complex infections like the Eleanor malware can leave behind hidden components that could still damage your computer.
Get Further Advice on Business IT Security
Do you want further advice on how to handle the Eleanor malware or other IT security matters? Our team has years of experience to offer you. Inspired IT is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at (+61) 08 6142 8221 or send us an email at firstname.lastname@example.org for more information.