Infected Word files spreading malware on Macs

Weaponized Word files targeting Macs have been identified by AlienVault Labs, which says the malware is coming from the same Chinese group that has been targeting the Tibetan government and nongovernmental organizations.

The Word files seem to exploit an existing vulnerability and target Microsoft Office for Mac. “This is one of the few times that we have seen a malicious Office file used to deliver malware on Mac OS X”, AlienVault Labs noted in a blog.

“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights”, the blog explained.

The command and control domain for the malware is located in Beijing province on China Unicom’s network, according to the blog.

AlienVault Labs had earlier found that the same group was behind recent spear phishing attacks on the Central Tibetan Administration and other Tibetan groups, as well as the Nitro attacks targeting chemical and defense firms last year.
