OSX/Eleanor [Threat Name] go to Threat
OSX/Eleanor.A [Threat Variant Name]
|Detection created||Jul 05, 2016|
|Signature database version||13758|
The trojan serves as a backdoor. It can be controlled remotely. The trojan can be used to gain full access to the compromised computer.
When executed, the trojan creates the following folders:
The following files are dropped:
The trojan disguises itself as the EasyDoc Converter application.
In order to be executed on every system start, the trojan creates the following file:
The trojan quits immediately if any of the following applications is detected:
- Little Snitch
OSX/Eleanor.A is a trojan that steals sensitive information.
The trojan collects the following information:
- webcam video/voice
- list of running processes
- list of files/folders on a specific drive
The trojan attempts to send gathered information to a remote machine.
The trojan opens some HTTP, SSH ports:
The TOR protocol is used in the communication.
The trojan acquires data and commands from a remote computer or the Internet.
It can execute the following operations:
- capture webcam video/voice
- execute shell commands
- various filesystem operations
- send files to a remote computer