A second example of malware targeting Mac OS has surfaced in the past few weeks. A macro is a series of commands and actions that automate tasks. Macro malware, commonly referred to as a "Word macro virus", is an attack that relies on automatically running macros embedded in Microsoft Word documents.
A cybercrime group whose command-and-control infrastructure resolves to an IP address geolocated in Russia is using a malicious macro that targets Mac OS specifically.
Macro malware is an old trick used against Windows users, but targeting Mac OS users is new. The technique may be old and crude, but once an unsuspecting user opens an infected Word document and enables macros, as the file asks, the malware installs itself silently on the target machine and immediately attempts to download a nefarious payload. The downloaded data is decoded by Python code taken from the open source EmPyre project.
The malware then allows the attackers to monitor the webcam, read browser history, and steal passwords and encryption keys.
The attack was first discovered in a Word file titled "U.S. Allies and Rivals Digest Trump's Victory – Carnegie Endowment for International Peace.docm".
When a user opens the document, a dialog box (shown below) instructs them to enable macros in order to view the file. Once macros are enabled, the infection process begins.
The good news is that this is not an advanced attack: if users simply refuse to enable macros in Word documents, a great deal of trouble is avoided. Yet most simple attacks spread like an epidemic precisely because of their simplicity.
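As an added example, not part of the original post, the following Python triage check shows what a defender can inspect in a macro-enabled Word document before a user ever sees the "enable macros" prompt: it assumes the file is standard OOXML (a zip), flags the presence of a VBA project and the macro-enabled content type, and does a crude string scan of the raw vbaProject.bin for auto-executing entry points such as AutoOpen; the sample document is constructed inline and is not a real malware file.

```python
import io
import re
import zipfile

# Procedure names Word runs automatically as soon as macros are enabled.
AUTO_EXEC = ("AutoOpen", "Document_Open", "AutoExec", "AutoClose", "Document_Close")
# Keywords an analyst looks for: process execution or downloads driven from VBA.
SUSPICIOUS = ("MacScript", "Shell", "python", "curl", "URLDownloadToFile", "CreateObject")
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"


def inspect_office_doc(data: bytes) -> dict:
    """Triage an OOXML (.docx/.docm) file: does it carry VBA, and what does the VBA mention?

    Assumption of this example: the keyword scan reads raw vbaProject.bin bytes. Real VBA
    module streams are MS-OVBA compressed, so names may be split by the compressor; a
    production tool decompresses them first. The has_vba / macro_enabled_type signals
    do not depend on that and are reliable on their own.
    """
    report = {"has_vba": False, "macro_enabled_type": False, "auto_exec": [], "suspicious": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" in names:
            ct_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
            report["macro_enabled_type"] = MACRO_CT in ct_xml
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if not vba_parts:
            return report
        report["has_vba"] = True
        text = b"".join(z.read(n) for n in vba_parts).decode("latin-1")
        report["auto_exec"] = [k for k in AUTO_EXEC if re.search(re.escape(k), text, re.I)]
        report["suspicious"] = [k for k in SUSPICIOUS if re.search(re.escape(k), text, re.I)]
    return report


def should_block(report: dict) -> bool:
    """Policy used in this example: any VBA with an auto-exec entry point is quarantined."""
    return report["has_vba"] and bool(report["auto_exec"])


def build_sample_doc(with_macro: bool) -> bytes:
    """Constructed sample (not real malware): a minimal Word document, with or without VBA."""
    ct = ('<?xml version="1.0" encoding="UTF-8"?><Types><Override PartName="/word/document.xml" '
          f'ContentType="{MACRO_CT if with_macro else "application/xml"}"/></Types>')
    vba = b'Attribute VB_Name = "ThisDocument"\r\nSub AutoOpen()\r\n    MacScript "<placeholder>"\r\nEnd Sub\r\n'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", vba)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_office_doc(build_sample_doc(True)))
```

For a real file, pass `open(path, "rb").read()` to `inspect_office_doc`; a `.docx` extension with `has_vba` set is itself worth flagging, since Word will still run the macros.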
This malicious Word document appears at the same time as another type of Mac OS malware, going by the name MacDownloader, which is believed to have been created by Iranian hackers. The key point is that Mac OS is slowly becoming a major target for malware, and a full-fledged Mac OS ransomware may soon follow.
The best defense against such attacks is to prevent them from reaching users in the first place. Having an up-to-date cyber security system in place is important, as it will block such communication, or at least warn users of a possible malicious intent. Data Leakage Protection (DLP) systems are equally important to help prevent the execution of unauthorized files and to protect against data leaks.
Logix InfoSecurity provides the latest DLP systems and cyber security tools for real-time system protection.