We’ve seen a number of malware and security threats targeting Macs these past few months, with reports of external peripherals like PCILeech, backdoor trojans like Eleanor, webcam hijackers and even cross-platform threats like Mokes making their way to the platform.
The big question remains, though: are Macs still safer than Windows machines in terms of being targets of malware attacks? Well, in some ways they still are, but with Macs gaining more market share these past few years, malware makers and cyber criminals are targeting them more and more.
One thing we could see more of now is the recycling of old Windows malware tactics that can be rewritten and repurposed to victimize Mac owners.
Earlier this week, security researchers from Objective-See may have just discovered the very first Microsoft Word macro-based attack designed for Macs.
You may be familiar with Word macros – those little bits of code or script used by Microsoft Office programs to automate tasks. They have been the bane of Microsoft Word users on Windows for years; with malicious macros, attackers try to pull a fast one on their victims via poisoned Word documents.
It’s a primitive technique, for sure, but that doesn’t stop malware makers from trying it out to see if it will stick.
The questionable Word document doing the rounds lately is curiously titled “U.S. Allies and Rivals Digest Trump’s Victory – Carnegie Endowment for International Peace.” Needless to say, if you receive this file, please don’t open it.
If you’re still curious about the contents of the document and, despite our warnings, attempt to open it, you’ll be greeted by yet another warning, this time from Microsoft Word, about the dangers of running macros from untrusted sources. I’d say, at this point, you should just back off, or at the very least, select “Disable Macros.”
According to Objective-See, the macros in the document will run Python code copied from the EmPyre exploit framework for Macs. This EmPyre component has a number of nasty capabilities including webcam hijacking, password stealing and browser history access.
Objective-See describes the malware sample they obtained as not “particularly advanced” since it relies entirely on user interaction – the victim has to open the questionable document in Microsoft Word (not Pages) and then ignore its blatant warnings by enabling macros to run. It takes a few conscious clicks, after all.
Even though this old-school Word macro attack on Macs is primitive and crude, it’s ample evidence that malware makers have started to shift their sights to Apple computers as well. The security gap between macOS and Windows is closing and it may not be as wide as it was in the past.
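Because the attack depends on the victim opening the file and enabling macros, a suspicious Word file can be checked for macro content before Word ever touches it. The following is an added example, not code from Objective-See or from this article; it assumes the standard Office Open XML layout, where a macro-enabled document is a ZIP archive carrying its VBA project in a part named `vbaProject.bin`, and the function name and result labels are hypothetical.

```python
import io
import zipfile

# Magic bytes of the legacy binary (.doc/.dot) compound-file container.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def macro_triage(data: bytes) -> str:
    """Classify a Word file from its raw bytes, without opening it in Word."""
    if data.startswith(OLE_MAGIC):
        # Legacy format: macros sit inside the compound file and need a
        # dedicated OLE parser, so flag the file for deeper inspection.
        return "legacy-ole-needs-inspection"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-a-word-container"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    if "[Content_Types].xml" not in names:
        return "not-a-word-container"
    # The VBA project is stored as its own part; match on the part name
    # rather than on the file extension, which the sender controls.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        return "ooxml-with-vba"
    return "ooxml-no-vba"


def build_sample(with_vba: bool) -> bytes:
    """Build a constructed, inert stand-in for a Word file (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [
        ("plain document", build_sample(False)),
        ("macro-enabled document", build_sample(True)),
        ("legacy .doc header", OLE_MAGIC + b"\x00" * 32),
        ("random bytes", b"hello"),
    ]:
        print(f"{label}: {macro_triage(blob)}")
```

A result of `ooxml-with-vba` only says that macros are present, not that they are malicious; it identifies the files where "Disable Macros" matters.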