New Mac Malware Reported: A Malicious Word Doc and a Fake Software Update
Researchers have found Mac malware spreading in two ways: malicious Microsoft Word documents that misuse macros, and fake software updates that download malicious code. The malicious Word documents are infecting Mac machines, the first such instance to be reported, and a fake Adobe Flash Player update is also doing the rounds.
Word document-based malware is commonly seen infecting Windows machines, but it has now been spotted infecting Macs as well. Reports state that the attack was spotted in a Word file titled "U.S. Allies and Rivals Digest Trump's Victory - Carnegie Endowment for International Peace."
If an unsuspecting Mac user opens this document, it will download and execute an encrypted payload without any warning to the user. The researchers were unable to determine what this attack actually did, but because it was copied precisely from EmPyre, it is presumed that it could "monitor webcams, steal passwords and encryption keys stored in the keychain, and accessing browsing histories."
Director of research at security firm Synack, Patrick Wardle, analyzed the document and published his analysis. He wrote, "By using macros in Word documents, they are exploiting the weakest link; humans! And moreover since macros are 'legitimate' functionality (vs. say a memory corruption vulnerability) the malware's infection vector doesn't have to worry about crashing the system nor being 'patched' out."
However, Wardle said that overall the malware isn't particularly advanced, as it relies on user interaction and needs macros to be enabled. Even though this particular malware was poorly written and macOS malware has yet to catch up to its Windows counterparts, Ars Technica notes that the gap is steadily closing. A small request to the readers is that you never open unknown Word docs, as they may run macros.
The other malware found attacking Mac machines earlier this week was a MacDownloader virus posing as an Adobe Flash Player update. This is again a tactic found in many Windows exploits, where a fake software update for an app pops up, but when you hit update, malicious code gets downloaded.
This one's more sophisticated than the Word malware, and it potentially puts your usernames, passwords, and other sensitive data at risk. Readers are, of course, cautioned not to click random update links, and to rely only on system tools or official sites for updates. However, if it's a Flash update, I'd recommend that you uninstall the app instead.