A new type of malware attack on the Mac has recently been discovered. It takes advantage of a primitive technique familiar from Windows: automatically executed macros embedded in Microsoft Word documents. As first noted in an investigation by Objective-See, the technique may be crude, but once an unsuspecting user opens an infected Word document and decides to run the macros, malware is silently installed on the target Mac and immediately tries to download a dangerous file.
The attack was discovered in a Word file entitled "US Allies and Rivals Digest Trump's Victory - Carnegie Endowment for International Peace."
After you open an infected document in Word for Mac and click "Enable Macros" in the dialog box, the embedded macro does the following:
- Verifies that the LittleSnitch security firewall is not running
- Downloads the encrypted malware
- Decrypts it using a key in the code
- Installs the downloaded malware
Once installed, the malware can record your keystrokes, monitor the system's camera and clipboard, take screenshots, access iMessage, retrieve your browsing history, and much more. It also runs automatically after a reboot.
Fortunately, the remote file that the macro downloads has already been removed from the server.
Although dangerous, this is not a particularly advanced form of attack.
You can protect yourself from this type of attack by making sure you click "Disable Macros" when opening a suspicious Word document. Given the prevalence of macro-based malware on Windows, it is not surprising that Microsoft included a clear virus warning in the Word dialog box.
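For defenders triaging a suspicious document, the macro behaviour described above (automatic execution, a LittleSnitch check, a download) can be turned into a simple static check. The following is an added example, not code from Objective-See or the original article; it assumes the macro source has already been extracted as text, and the sample macros and the `example.invalid` URL are constructed placeholders.

```python
import re

# Word's automatic macro entry points: these run without the user invoking them.
AUTO_EXEC = re.compile(
    r"^\s*(?:(?:public|private)\s+)?sub\s+"
    r"(autoopen|autoexec|autonew|autoclose|autoexit|"
    r"document_open|document_close|document_new)\b",
    re.IGNORECASE | re.MULTILINE,
)
# Behaviours the article attributes to this macro.
INDICATORS = {
    "firewall_check": re.compile(r"little\s*snitch", re.IGNORECASE),
    "download": re.compile(r"https?://[^\s\"']+", re.IGNORECASE),
}

def triage(vba_source):
    """Return auto-exec entry points, matched indicators and a verdict."""
    auto = [name.lower() for name in AUTO_EXEC.findall(vba_source)]
    hits = {k: rx.findall(vba_source) for k, rx in INDICATORS.items()}
    hits = {k: v for k, v in hits.items() if v}
    if auto and hits:
        verdict = "suspicious"      # runs by itself AND shows listed behaviour
    elif auto:
        verdict = "review"          # runs by itself, nothing else matched
    else:
        verdict = "no-autoexec"     # only runs if the user calls it
    return {"auto_exec": auto, "indicators": hits, "verdict": verdict}

# Constructed, inert sample: string assignments only, no real behaviour.
SAMPLE_FLAGGED = '''Sub AutoOpen()
    Stage
End Sub
Sub Stage()
    ' constructed placeholder strings; this does nothing
    guard = "LittleSnitch"
    src = "https://example.invalid/stage.bin"
End Sub
'''
# Constructed benign sample: an ordinary formatting macro.
SAMPLE_BENIGN = '''Sub FormatTable()
    Selection.Tables(1).AutoFitBehavior 1
End Sub
'''

if __name__ == "__main__":
    for label, src in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, triage(src))
```

Macro source can be extracted from a document with a tool such as olevba from oletools; a "suspicious" verdict is a prompt for manual review, not proof of infection.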