Malware infects Macs through Microsoft Office vulnerability

Rogue emails distribute booby-trapped Microsoft Word file that installs Mac OS Trojan, researchers said

Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS systems.

The rogue emails appear to target Tibetan activist organizations and distribute booby-trapped Microsoft Word documents that exploit a known remote code execution vulnerability in Microsoft Office for Mac, according to malware experts from security firm AlienVault.

"This is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X," said AlienVault security researcher Jaime Blasco in a blog post on Tuesday.

Security researchers from Mac antivirus vendor Intego believe that the attacks might become more widespread. "This malware is fairly sophisticated, and it is worth pointing out that the code in these Word documents is not encrypted, so any malware writer who gets copies of them may be able to alter the code and distribute their own versions of these documents," they said in a blog post on Thursday.

"The attack will be very effective on those who have not updated their copies of Microsoft Office, or aren't running antivirus software," the Intego researchers said.

If the vulnerability is exploited successfully, the rogue Word files will install a previously unknown Mac OS X Trojan horse. The remote attackers can instruct this malware to download, upload and delete files, or to start a remote shell on the system.

AlienVault believes that this attack was carried out by the same gang that last week distributed a similar Mac Trojan by exploiting a vulnerability in outdated Java installations.

This type of targeted attack, also known as spear phishing, has become common in recent years and is usually associated with government or corporate cyberespionage operations. However, the vast majority of spear phishing emails have so far targeted Windows users.

"While, in the past, we did not see this type of attack targeting Macs, it is clear that the game has changed, and that we are entering a new period of Mac malware," the Intego researchers said.

Mac users are advised to keep the software installed on their computers up to date, especially the popular applications, and to run an antivirus program at all times. Several Mac antivirus products are available for free.

Join the CSO newsletter!

Error: Please check your email address.

More about IntegoMacsMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts