Security Affairs
U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog|CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code|Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets|Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)|Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available|AI-Generated Malware Powers New Armored Likho APT Campaign|Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Eleanor malware uses a Tor backdoor to control Macs

A malicious application named EasyDoc Converter.app delivers a sophisticated malware dubbed Eleanor malware that opens a Tor backdoor on the victim’s machine. Experts from security firm Bitdefender have spotted a new malware, dubbed Eleanor malware (Backdoor.MAC.Eleanor), that once compromised Macs set up a backdoor through Tor network. The malicious application, dubbed EasyDoc Converter.app, pretend to be a […]

Eleanor malware uses a Tor backdoor to control Macs

A malicious application named EasyDoc Converter.app delivers a sophisticated malware dubbed Eleanor malware that opens a Tor backdoor on the victim’s machine.

Experts from security firm Bitdefender have spotted a new malware, dubbed Eleanor malware (Backdoor.MAC.Eleanor), that once compromised Macs set up a backdoor through Tor network.

The malicious application, dubbed EasyDoc Converter.app, pretend to be a file converter, unfortunately, it delivers a sophisticated malware on the victim’s machine. Once infected the target, the malicious code recruits it as part of a botnet or spies on the victim’s machine.

“The backdoor is embedded into a fake file converter application that is accessible online on reputable sites offering Mac applications and software. The EasyDoc Converter.app poses as a drag-and-drop file converter, but has no real functionality – it simply downloads a malicious script.”  said Tiberius Axinte, Technical Leader, Bitdefender Antimalware Lab.

Once infected a Mac, the malware grants full access to the file system as reported by Bitdefender.

“This type of malware is particularly dangerous as it’s hard to detect and offers the attacker full control of the compromised system,” 

The Backdoor.MAC.Eleanor malware sets up a hidden Tor service and a PHP web server, it exposes a .onion domain that could be accessed by the attacker to control the bot.

Eleanor malware Tor

The Eleanor malware is able to use the camera on the infected machine by using the open-source tool wacaw. The attacker is able to take pictures of the victims and blackmail them.

Every infected Mac is associated with a Tor address, all the addresses are stored on pastebin.com using a PasteBin agent. The addresses are encrypted with a public key using RSA and base64 algorithms.

The malicious app used to deliver the Eleanor malware is not digitally signed by Apple, this means that by downloading applications exclusively from official store and reputable websites.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –Eleanor malware, backdoor)