[Updated: 2016-07-07 @1
This malware should more correctly be called OSX.Trojan.Eleanor.A. In the field, it is being called Backdoor.MAC.Eleanor by BitDefender Labs. It is being served to victims on a number of websites, apparently including MacUpdate.com. BEWARE!
I will make my own write-up about this malicious software as further details become available. For now, here are some good sources of information about Eleanor:
Backdoor.MAC.Eleanor Grants Attackers Full Access to Mac Systems
"The program name is EasyDoc Converter.app and its main functionality should be to convert documents, but it does anything but that…"
New Mac Malware in Nature, Backdoor.MAC.Elanor – can steal data, run code, control camera
More about Eleanor from my colleague Thomas Reed over at Malwarebytes:
When the app is opened, it runs a shell script whose first task is to check if Little Snitch is present… If Little Snitch is not present, and if the malware is not already installed, it installs three LaunchAgents in the user folder, plus a hidden folder full of executable files. All of these items have names that try to make them appear to be Dropbox components….
Interestingly, this app's MacUpdate page has ratings delivered by users between 2014 and March 26, 2016, all but one of them 4.5 or 5 stars. Since this malware appears to have been "turned on" in April, I suspect that the real EasyDoc Converter may have been left by its developer and in some way obtained by malware authors….
If you have Malwarebytes Anti-Malware for Mac, it will detect this malware as OSX.Backdoor.Eleanor.
I.e., the free Malwarebytes Anti-Malware for Mac already detects Eleanor. Use the link in the quotation above. Dan Goodin of Ars Technica also posted an article about Eleanor and a few other pests: Pellit and Keydnap. I am waiting for more details about these last two before I write about them.
Remember that such malware may have any name. Therefore, do not avoid only "EasyDoc Converter". Watch out for ALL applications, from any source, that are not signed by an Apple-approved developer.
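The persistence pattern quoted above (LaunchAgents in the user folder that carry Dropbox-like names but run files from a hidden folder) can be checked for generically. The following is an added example, not code from this post or from Malwarebytes; the heuristic is an assumption, and the file names and paths in the sample are constructed, not real indicators.

```python
import plistlib
import tempfile
from pathlib import Path

def job_paths(job: dict) -> list:
    """Every string a launchd job can execute or pass: Program plus ProgramArguments."""
    return [p for p in [job.get("Program"), *(job.get("ProgramArguments") or [])] if isinstance(p, str)]

def in_hidden_dir(path: str, home: Path) -> bool:
    """True if path lies under home inside a directory whose name starts with '.'."""
    try:
        rel = Path(path).relative_to(home)
    except ValueError:          # not under the home directory
        return False
    return any(part.startswith(".") for part in rel.parts[:-1])

def audit_launch_agents(home: Path, brand: str = "dropbox") -> list:
    """Flag per-user LaunchAgents that borrow a brand name yet run from a hidden folder."""
    findings = []
    for f in sorted((home / "Library" / "LaunchAgents").glob("*.plist")):
        try:
            with f.open("rb") as fh:
                job = plistlib.load(fh)   # handles XML and binary plists
        except Exception:
            findings.append((f.name, ["unparseable plist"]))
            continue
        branded = brand in f.name.lower() or brand in str(job.get("Label", "")).lower()
        hidden = [p for p in job_paths(job) if in_hidden_dir(p, home)]
        if branded and hidden:
            findings.append((f.name, hidden))
    return findings

def demo() -> list:
    """Audit a constructed home directory: one suspicious agent, one ordinary one."""
    home = Path(tempfile.mkdtemp())
    agents = home / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    hidden_script = str(home / ".sample-hidden" / "check.sh")
    samples = {  # constructed names and paths, not real indicators
        "com.example.dropbox.check.plist": ["/bin/sh", hidden_script],
        "com.example.updater.plist": ["/Applications/Example.app/Contents/MacOS/updater"],
    }
    for name, argv in samples.items():
        with (agents / name).open("wb") as fh:
            plistlib.dump({"Label": name[:-6], "ProgramArguments": argv, "RunAtLoad": True}, fh)
    return audit_launch_agents(home)

if __name__ == "__main__":
    print(demo())
```

To audit a real account, call `audit_launch_agents(Path.home())`; a hit is a reason to inspect the agent, not a verdict.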