Macro Malware, After Targeting Windows Computers, Now Infecting OS X
Mac OS users are finding things more difficult now that macro malware is in widespread use. Windows users are already familiar with this malware: macro infections in Word have been on the prowl since the early 1990s. The attack vector is not especially complicated: Word users receive an e-mail attachment containing a document that they are tricked into downloading and opening in Word.
The victims are then encouraged to enable macros, scripts that run inside a program, which help the attackers download malicious software that infects the victims' systems. Until now, Mac users had not faced these threats.
To bypass security products, the macro malware conceals its initial payload inside the Word file's Comments property. Although that data may be encrypted, the malicious macro uses VBA to decrypt and execute it. The malware then checks which OS is running on the device and selects the code suited to that platform.
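A defender-side triage of the hiding place described above, as an added example that is not from the original article or the researchers it cites: it checks an OOXML Word file (.docx/.docm) for a VBA project and for a long encoded blob in the Comments property, which OOXML stores as `dc:description` in `docProps/core.xml`. The 200-character base64-run threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

DC_DESCRIPTION = "{http://purl.org/dc/elements/1.1/}description"
# Long unbroken run of base64-alphabet characters; the threshold is an assumed heuristic.
BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{200,}")
MAX_CORE_XML = 1_000_000  # skip oversized metadata parts instead of inflating them

def triage_ooxml(data: bytes) -> dict:
    """Inspect one OOXML Word file (raw bytes) without opening it in Word."""
    findings = {"has_vba": False, "comments_len": 0, "comments_blob": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        findings["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "docProps/core.xml" in names and zf.getinfo("docProps/core.xml").file_size <= MAX_CORE_XML:
            # For untrusted input in production, a hardened XML parser is preferable.
            root = ET.fromstring(zf.read("docProps/core.xml"))
            node = root.find(DC_DESCRIPTION)
            text = (node.text or "") if node is not None else ""
            findings["comments_len"] = len(text)
            findings["comments_blob"] = bool(BLOB_RE.search(text))
    findings["suspicious"] = findings["has_vba"] and findings["comments_blob"]
    return findings

def build_sample(comment: str, with_macro: bool) -> bytes:
    """Constructed test input: a minimal zip holding only the parts inspected here."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        "<cp:coreProperties "
        'xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" '
        'xmlns:dc="http://purl.org/dc/elements/1.1/">'
        f"<dc:description>{comment}</dc:description></cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder bytes, not real VBA
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_ooxml(build_sample("QUJD" * 100, True)))               # constructed blob
    print(triage_ooxml(build_sample("Quarterly report draft", False)))  # constructed benign
```

Legacy binary `.doc` files use a different container and are out of scope for this check.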
For an end-user operating a Mac, the malware downloads a Python script and then runs it. According to security researchers, the script is a modified version of the Python meterpreter that is also used within the Metasploit framework. The code is freely available on GitHub, which is possibly where the attackers obtained it too. The script then attempts to communicate with a C&C server to download additional malware. At present that connection does not seem to be live; however, it may become active at any time. Enterprisetimes.co.uk posted this online on March 24, 2017.
In both the Windows and Mac instances, the malware does not immediately damage or leak data, but the infected computers keep waiting for further commands from a C&C server. If left unchecked, the aftermath could be the download of additional malicious code that would load ransomware, go after the victim's Keychain, or carry out other nefarious activities on the infected computer.
The bottom line: users must keep macros disabled and not enable them without authenticating the source of attached documents. Mac users must realize that macro malware can now infect them just as well.
» SPAMfighter News - 30-03-2017