Malware was available on MacUpdate, in the form of a free app called EasyDoc Converter. The app is not signed with a certificate issued to an Apple developer ID. By default, Mac OS X will not open unsigned apps. Because theres no certificate involved, Apple cannot kill the app by revoking the certificate. The malware is capable of all manner of backdoor activities, such as access to the file system, remote code execution and webcam access, Bitdefender says.”]
Source: https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-eleanor/