
New macOS malware exploits old Windows tricks to get into your system

captain_to_fire

Source: The Next Web

 

Quote

While Mac malware tends to be a rather rare occurrence, Ars Technica reports security researchers have discovered two separate, new macOS viruses that rely on old Windows tricks to get into your laptop and steal your data.

One of the attacks, documented by software firm Objective-See, exploits an established Windows technique which hides and executes malicious code using Word document macros.


The hack tricks unsuspecting users into opening infected Word documents which subsequently run malicious macros once the file has been loaded. The good thing is that it’s fairly easy to identify infected files prior to opening them.

Anytime you open a Word file containing macros, your device will ask you for permission. Denying permission on its own is enough to prevent the malware from spreading.

But if you click ‘run’, all sorts of bad things could happen: A hacker could spy on you or pull your browsing history, or they could initiate a secondary infection by downloading additional malware.

Before the entire PC Master Race jumps on the Apple hate bandwagon again, let's clear things up. This specific malware infection isn't the kind usually found on Windows PCs, where the infecting agent doesn't need user interaction to compromise the system; this one exploits social engineering in Microsoft Word macros. Just like ActiveX plugins and Browser Helper Objects, which took Microsoft years to ditch in Microsoft Edge, they can't get away with macros in Office either. Too bad that macOS's built-in Gatekeeper only blocks executable files without Apple's digital signatures; it can't prevent infections via macros.

 

Malware infections in OS X/macOS aren't something new. Remember the Mac Defender trojan in 2011 that infected a lot of Macs, which caused false alerts of malware infection and required users to pay but later stole the browser history? I used to believe that the reason why malware infections on a Mac are scarce, unlike Windows, is because of the market share. Now, I'm doubting that. I hope someone can correct me about this, but it seems that crafting malware is harder on the UNIX kernel used by macOS, unlike the plethora of viruses, trojans, and worms built to attack the NT kernel used by Windows.

 

There is more that meets the eye
I see the soul that is inside
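
Added example, not part of the original post or the quoted article: one way to check a file for macros before opening it, which the article says is easy to do. It goes beyond Word to Excel and PowerPoint files, which use the same ZIP-based packaging; the function name `macro_status`, its return labels and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by .doc/.xls/.ppt files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def macro_status(data: bytes) -> str:
    """Classify an Office file from its raw bytes, without opening it in Office."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats keep VBA in OLE streams that a ZIP check cannot see.
        return "legacy-ole-needs-deeper-scan"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"  # a ZIP, but not an Office package
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace").lower()
    except zipfile.BadZipFile:
        return "not-office"
    # Word, Excel and PowerPoint store the VBA project as <app>/vbaProject.bin by default.
    has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
    # The part can be renamed, so also look at the declared content types.
    declared = "vbaproject" in content_types or "macroenabled" in content_types
    return "macros-present" if (has_vba_part or declared) else "no-macros"

def build_sample(parts: dict) -> bytes:
    """Build a constructed OOXML-style package in memory (sample input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample packages: one clean document, one Word and one Excel file with a VBA part.
CT_CLEAN = '<Types><Default Extension="xml" ContentType="application/xml"/></Types>'
CT_MACRO = ('<Types><Default Extension="bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
CLEAN_DOCX = build_sample({"[Content_Types].xml": CT_CLEAN, "word/document.xml": "<doc/>"})
MACRO_DOCM = build_sample({"[Content_Types].xml": CT_MACRO, "word/document.xml": "<doc/>",
                           "word/vbaProject.bin": b"constructed placeholder"})
MACRO_XLSM = build_sample({"[Content_Types].xml": CT_MACRO, "xl/workbook.xml": "<wb/>",
                           "xl/vbaProject.bin": b"constructed placeholder"})

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN_DOCX), ("docm", MACRO_DOCM), ("xlsm", MACRO_XLSM)]:
        print(label, macro_status(blob))
```

A "macros-present" result only says the file carries a VBA project, not that the macro is malicious; it tells you the permission prompt described above will appear and that the file deserves a closer look first.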

 

 


My GF got this on a brand new file she made.. trusted or not? .. 

| Intel i5 4670k @ 4.3GHz | XFX RX 480 8 GB | Asus Z87i-Pro | 8.0 GB Kinston DDR3 | Samsung Evo 120GB SSD |


Will this only be relative if it's a downloaded Word document?


7 minutes ago, OLS said:

Will this only be relative if it's a downloaded Word document?

I don't think so. I think Excel and PowerPoint files with macros embedded are vulnerable too.


16 minutes ago, DrMikeNZ said:

Who actually allows and runs macros from unknown sources without reading the code first?

It could come even from people you trust. Let's say a friend with a hidden grudge against you sends you an Excel file with nasty malware embedded as a macro, under the pretense that it's a group file for a project. Little did you know, as soon as you open the file and say yes to executing macros, it can turn your computer into a zombie.


1 minute ago, hey_yo_ said:

It could come even from people you trust.

If I didn't write the code, then it is unknown to me.


10 minutes ago, DrMikeNZ said:

If I didn't write the code, then it is unknown to me.

I guess if you said no to opening the macro, then you're good. Microsoft Office since version 2010 has featured Protected View, which is like their implementation of User Account Control for Office files.


good thing i don't use ms stuff anymore, such a bad company with awful products and services overall 

One day I will be able to play Monster Hunter Frontier in French/Italian/English on my PC, it's just a matter of time... 4 5 6 7 8 9 years later: It's finally coming!!!

Phones: iPhone 4S/SE | LG V10 | Lumia 920 | Samsung S24 Ultra

Laptops: Macbook Pro 15" (mid-2012) | Compaq Presario V6000

Other: Steam Deck

EVs are bad, they kill the planet and remove freedoms too some


5 hours ago, hey_yo_ said:

It could come even from people you trust. Let's say a friend with a hidden grudge against you sends you an Excel file with nasty malware embedded as a macro, under the pretense that it's a group file for a project. Little did you know, as soon as you open the file and say yes to executing macros, it can turn your computer into a zombie.

Yeah... sure.... "friend".

 

I don't know about you, man, but none of my friends would do that. And if they did, they'd never be my friend again. Hell I'd be tempted to report them to the Police, because yeah that's a crime lol.

For Sale: Meraki Bundle

 

iPhone Xr 128 GB Product Red - HP Spectre x360 13" (i5 - 8 GB RAM - 256 GB SSD) - HP ZBook 15v G5 15" (i7-8850H - 16 GB RAM - 512 GB SSD - NVIDIA Quadro P600)

 


It is true, as far as market share goes, Windows has a much larger one than Mac. That is the reason Windows will be a far more targeted platform for this.

| Ryzen 7 7800X3D | AM5 B650 Aorus Elite AX | G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | Sapphire PULSE Radeon RX 7900 XTX | Samsung 990 PRO 1TB with heatsink | Arctic Liquid Freezer II 360 | Seasonic Focus GX-850 | Lian Li Lanccool III | Mousepad: Skypad 3.0 XL / Zowie GTF-X | Mouse: Zowie S1-C | Keyboard: Ducky One 3 TKL (Cherry MX-Speed-Silver)Beyerdynamic MMX 300 (2nd Gen) | Acer XV272U | OS: Windows 11 |


I use linux, libreoffice. I do not think this affects me like 1209353266 other windows viruses LOL

Computer users fall into two groups:
those that do backups
those that have never had a hard drive fail.


9 hours ago, DrMikeNZ said:

If I didn't write the code, then it is unknown to me.

You are 0.00001% of the userbase. I'm probably not far from not exaggerating.

1 hour ago, mate_mate91 said:

I use linux, libreoffice. I do not think this affects me like 1209353266 other windows viruses LOL

 

There's nothing worse than someone who assumes they're safe because they're using X software rather than Y.

 

 


2 minutes ago, RagnarokDel said:

You are 0.00001% of the userbase. I'm probably not far from not exaggerating.

Overexaggerating a little. Closer to 0.00000003%


5 hours ago, dalekphalm said:

Yeah... sure.... "friend".

 

I don't know about you, man, but none of my friends would do that. And if they did, they'd never be my friend again. Hell I'd be tempted to report them to the Police, because yeah that's a crime lol.

I have to deal with deplorable people all the time, especially at work. It seems that killing them with kindness isn't working anymore. Who knows? Maybe in the future Microsoft Office macros can be used to deliver a nasty crypto-ransomware?


Dumb question... Can malwarebytes detect this??? 

Also I don't use microsoft suite, should I be worried???? 

If it is not broken, let's fix till it is. 


56 minutes ago, mrchow19910319 said:

Dumb question... Can malwarebytes detect this??? 

Also I don't use microsoft suite, should I be worried???? 

Probably any AV with heuristics can detect malicious macros, so I think Malwarebytes can remove it. If you no longer use Office, you're good to go.


1 hour ago, mrchow19910319 said:

Dumb question... Can malwarebytes detect this??? 

Also I don't use microsoft suite, should I be worried???? 

You should always be on guard (not worried) about malware when using any piece of software.

Desktop: KiRaShi-Intel-2022 (i5-12600K, RTX2060) Mobile: OnePlus 5T | Koodo - 75GB Data + Data Rollover for $45/month
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1
Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 | Panasonic TS20D Music: Spotify Premium (CIRCA '08)


I know, I know, this could potentially be exploited on another program on macOS.

On the flip side, I wouldn't really blame Apple for this for once. Sure, as I said, you could potentially exploit it some way else, but considering that you basically have to use Microsoft Office for this, I don't know.

Check out my guide on how to scan cover art here!

Local asshole and 6th generation console enthusiast.


1 hour ago, Dan Castellaneta said:

but considering that you basically have to use Microsoft Office for this, I don't know.

I'm thankful that Google Docs and iWork don't have antiquated macros.


11 hours ago, RagnarokDel said:

There's nothing worse than someone who assumes they're safe because they're using X software rather than Y.

I did not say that I am safe, I said this must not affect me like other Windows-oriented viruses. And that's true actually.

I know that Linux has its vulnerabilities and viruses too.


well i hope people aren't stupid enough to run the macros

wait..... this is people who don't know the meaning of value, good cheap devices and anything else outside of the apple ecosystem.......

hmm.....

oh well, macs aren't allowed on our network at my work, mainly because they don't play nicely with our servers, routers, extenders and anything else really!

****SORRY FOR MY ENGLISH IT'S REALLY TERRIBLE*****

Been married to my wife for 3 years now! Yay!


6 hours ago, samiscool51 said:

well i hope people aren't stupid enough to run the macros

wait..... this is people who don't know the meaning of value, good cheap devices and anything else outside of the apple ecosystem.......

hmm.....

oh well, macs aren't allowed on our network at my work, mainly because they don't play nicely with our servers, routers, extenders and anything else really!

This isn't really Apple's fault. It's a vulnerability in Microsoft Office for Mac. Really? How come Macs aren't allowed? macOS has had the SMB protocol for years and has Microsoft Exchange built in.


All I can do is laugh, seriously it's not because I have no love, it's just because it's funny for some reason. *shrugs*


I am a Moderator, but I am fallible. Discuss or debate with me as you will but please do not argue with me as that will get us nowhere.

 


  

 

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.  ~ Abraham Lincoln

Reputation is a Lifetime to create but seconds to destroy.

You have enemies? Good. That means you've stood up for something, sometime in your life.  ~ Winston Churchill

Docendo discimus - "to teach is to learn"

 

 CHRISTIAN MEMBER 

 

 
 
 
 
 
 

 
