New Dangerous Mac Malware Masquerades as
File Converter App
https://www.intego.com/mac-security-blo ... teal-data/" onclick="window.open(this.href);return false;
The new Mac
malware, identified by Intego VirusBarrier as
OSX/Eleanor
The malware also installs three agents, which are launched at each startup, in the user’s directory:
The TOR hidden service (allows to access the backdoor web service).
~/Library/LaunchAgents/com.getdropbox.dropbox.integritycheck.plist
The php web service (the backdoor control panel).
~/Library/LaunchAgents/com.getdropbox.dropbox.usercontent.plist
The PasteBin agent (used to store the unique TOR address of the controlled machine into pastebin.com).
~/Library/LaunchAgents/com.getdropbox.dropbox.timegrabber.plist
If you believe your machine is infected, you can verify the presence of the directory and files mentioned above.