While you should always be vigilant against malware regardless of your device or operating system, MacBook users recently got a reminder about the importance of security, with the discovery of two new examples of macOS malware: Backdoor.MAC.Eleanor and OSX/Keydnap.
Thankfully, two new pieces of Mac malware in a week isn't something that happens often, but it never hurts to brush up on your security skills!
In this article I'll share some tips on how to keep your Mac safe from the Eleanor and OSX/Keydnap malware, plus some general security tips to prevent all forms of malicious software from infecting your MacBook.
Mac malware: What do you need to know?
Even though the term "malware" is often used interchangeably with "virus," they are two different things. Instead of infecting your machine without your knowledge (like a virus), malware attempts to trick you into installing it, by disguising itself as legitimate software. Often, malware actually pretends to be software that helps protect your MacBook against malware! Then, once the malware is installed, it tries to gather information about you, including your credit card and banking details.
macOS does have plenty of built-in security features that can help protect you from most known malware; plus, Apple are pretty good at issuing security updates as new malware is discovered. But don't let this lull you into a false sense of security! No operating system is immune to malware. There's a whole world of security threats out there, and reports of Mac malware seem to be getting more frequent.
So how do I keep my Mac secure?
Let's look at the two new examples of Mac malware. Eleanor is a backdoor program, also known as a Trojan horse. Once installed, Eleanor allows attackers to perform all sorts of nefarious deeds, including executing commands and scripts; editing, deleting and stealing your files; and even snapping photos of you via your webcam!
In true malware style, Eleanor is distributed under the guise of useful software: in particular, a program known as "EasyDoc Converter."
While it's currently unknown exactly how Keydnap arrives on your computer, it takes the form of a ZIP file that you first have to extract, and then install. At this point, Keydnap downloads and installs the backdoor component (icloudsyncd), which attempts to gain root access to your MacBook in a particularly sneaky way: it waits until you try to launch a different application and then spawns a window asking for your credentials, in exactly the same way a legitimate app would request admin privileges.
As you've probably already noticed, there's a pattern here. Eleanor and Keydnap, just like all malware, rely on you actively downloading and running them, so one of the most effective ways of keeping your laptop secure is also the easiest: be careful about what you download!
Apple are very strict about the apps that can be distributed through their App Store, which is sometimes bad news for developers, but also helps to keep MacBook users safe. If you want to download a new app, then the App Store should be your first port of call, as there have been very few reported instances of the App Store distributing malware.
If the app you have in mind isn't available through the App Store, then make sure you download it from a reputable source.
The most reputable source is always the app's official website, or the website of the developer or company who created the app. Although there are many third party download sites out there, it's not unusual for these websites to wrap legitimate software inside installers that contain adware, trialware, unwanted apps or, in the worst case scenario, malware.
If you're tempted to download an app from a third party website, ask yourself: what's in it for the developer? Why would someone who put so much effort into creating an app make it available for free through an external website? Best case scenario, the program is being offered without the developer's permission (which is unfair anyway) but worst case scenario, the third party has ulterior motives in trying to tempt you into downloading the program through their website, and not via the official channel.
If you're unsure, then always go with your gut: if it feels wrong, or too good to be true (for example, maybe a website is offering proprietary software for free) then chances are it is wrong. Play it safe and find an alternative place to download your app.
Also be wary of simply entering an application's name into a search engine and clicking the first link that appears. Just because a website appears high in Google's search results doesn't automatically mean that it's legitimate. Many third party websites are search engine optimisation (SEO) savvy, and know exactly how to score a top spot in Google's search results.
But let's imagine you've been tricked into downloading a dodgy file. The good news is that you still need to actively run and install this file, which means you have another chance to spot the malware for exactly what it is. So what are the warning signs you should be looking for?
Spotting Malicious Files
Anyone can get a unique Developer ID from Apple and then use this to digitally sign their apps, but many malicious apps (including Eleanor and Keydnap) aren't digitally signed by a valid Apple developer certificate.
Although you won't notice any difference when you download an unsigned app, when you try to install it macOS will warn you that this app is from an unsigned developer. This is another opportunity for you to consider whether this app might actually be malware.
Statistically speaking, unsigned apps are more likely to be malicious than signed software, so if you're unsure about an unsigned app then it's always best to delete it and search for an alternative download, or even better, an alternative app that's available through the App Store.
While you should always look at unknown packages with a suspicious eye, it's important to note that just because an application is unsigned doesn't automatically make it malware; some developers simply choose not to digitally sign their applications.
If you do decide to go ahead and install an unsigned app, you'll need to right-click the downloaded file, select "Open" and then confirm that you want to launch the app.
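The signature check described above can also be run from Terminal before you open a download. This is an added example, not part of the original article: it calls macOS's `spctl` Gatekeeper tool, the function names `classify_spctl` and `assess_app` are chosen here, and the sample outputs are constructed to mirror that tool's verbose format.

```shell
#!/bin/sh
# Added example: ask Gatekeeper how it rates an app before you open it.
# Sample outputs below are constructed to mirror spctl's verbose format.

SAMPLE_UNSIGNED='/Users/me/Downloads/Example.app: rejected
source=no usable signature'
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_STORE='/Applications/Example.app: accepted
source=Mac App Store'

# Read spctl's verdict text on stdin and reduce it to one keyword.
classify_spctl() {
  verdict=$(cat)
  case "$verdict" in
    *": accepted"*)
      case "$verdict" in
        *"source=Mac App Store"*) echo "app-store" ;;
        *"Developer ID"*)         echo "developer-id" ;;
        *)                        echo "accepted-other" ;;
      esac ;;
    *"no usable signature"*) echo "unsigned" ;;
    *": rejected"*)          echo "rejected" ;;
    *)                       echo "unknown" ;;
  esac
}

# Run the real check on macOS; spctl reports its verdict on stderr,
# so both streams are fed to the classifier.
assess_app() {
  command -v spctl >/dev/null 2>&1 || {
    echo "spctl not found (macOS only)" >&2
    return 2
  }
  spctl --assess --type execute -vv "$1" 2>&1 | classify_spctl
}

# Stand-alone use: sh check_app.sh /path/to/Some.app
if [ "$#" -gt 0 ]; then
  assess_app "$1"
fi
```

A result of `unsigned` or `rejected` corresponds to the warning macOS shows when you try to open the app.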
How else can I prevent my MacBook from becoming infected?
Here are some additional tips and tricks you should bear in mind, to help ensure your MacBook remains malware-free:
- Ensure that your operating system is always up to date
As already mentioned, Apple are pretty good about issuing security updates, so one of the best ways to keep your Mac secure is to make sure you're running the latest version of macOS. To check whether an update is available, open the App Store, select "Updates" and look for any "Software Updates."
You may also want to turn on automatic updates, by opening your MacBook's "System preferences..." and selecting "App Store." Make sure "Automatically check for updates" is selected, and then select "Install macOS Updates" and "Install system data and security updates."
- Don't be hooked by phishing scams
Another common trick for infecting your MacBook with malicious software is to redirect you from a legitimate website to a fake website that pretends to scan your laptop and then informs you that it's detected a computer virus or other malicious software. You'll then be offered the software you need to fix this exact problem (convenient).
If you install this software, it'll periodically pretend to scan your Mac, finding problems each time, and prompting you to enter more and more of your personal information in order to fix these problems, perhaps even outright requesting you to enter your credit card details.
While there's no definitive list of malware that follows this pattern, some known offenders are MacDefender, MacProtector and MacSecurity.
So, if you find yourself suddenly redirected to a website that claims your MacBook is infected, then you should immediately close your browser. If your browser refuses to close, then you can trigger a force quit by clicking the Apple logo in the menu bar, followed by "Force Quit."
Select your browser from the list of running apps and give the "Force Quit" button a click.
Depending on the malware you've stumbled across, your browser might automatically download the malware's installer, so it's always worth checking your MacBook's "Downloads" folder. If you spot anything unusual, then drag it to the Trash can and immediately take out the trash.
- Beware of offline malware
Malware isn't just an online phenomenon! Increasingly, scammers are branching out and actually calling people, claiming to be from a security-conscious organisation who's spotted malware on your computer. At this point, they offer to remove said malware, for a price.
If this happens to you, then put the phone down. No respectable company is going to ring you out of the blue requesting your credit card details in return for removing malware!

I pretty much lock my iMac and Macbook down, so that it's tough for me to install anything that isn't from the app store, but I've had no issues with malware, so that's a plus. I will say that your advice to just hang up is the best possible too. I had one of those companies call, saying they had "detected a malicious program on my Windows 7 PC, and it must be removed right away." I calmly said I didn't own any PC, and did not have Windows installed on any Mac I own, only to be yelled at and berated for "not caring that I was going to spread a virus." I demanded a supervisor, and had to threaten to sue for them to remove my name. I still blocked their number, so be ready to either hang up, or have the caller who "wants to help you" start yelling and calling you names for not giving them money.