New macOS malware disguises itself as Word macros


Mac security researchers have found two instances of malware on macOS, although the number of infections still lags behind Windows quite a bit, as noted by Ars Technica.

One of the malware samples is based on an old Windows technique that abuses macros in Word documents. It is said to be the first of its kind targeted directly at macOS. However, it’s highly unlikely that a user will bump into this malware, as it relies on such an old technique.

The exploit works by having unsuspecting users open a specially crafted Word document containing macros that run when the file is opened. Macros used to be a huge attack vector on Windows many years ago, and it seems that at least one vendor is targeting the Mac with the very same technique.

A suspicious Word document is easily identifiable, though. When it is opened, Word (not Pages) prompts the user to choose whether or not to open the document with macros. Simply choosing “Disable macros” will prevent any code from running on the machine. If macros are allowed, however, the malicious file will begin downloading arbitrary code from a remote server and executing it.

The other instance of malware uses yet another old Windows tactic: faking an application software update dialog and downloading malware instead of the actual application update. Researchers say that MacDownloader will disguise itself as an Adobe Flash Player update.

The malware will harvest the user’s Keychain and will look for usernames and passwords along with any other sort of sensitive user data it can find. It will then send that data back to a remote location where the person behind the malware will do whatever they want with it.
