Home / Tech News / Featured Tech News / MacOS trojans are becoming more common place, new Word file exploit discovered

MacOS trojans are becoming more common place, new Word file exploit discovered

Jon Martindale February 9, 2017 Featured Tech News, Security

A new piece of malware that specifically targets Mac operating systems has been discovered. Found in an infected Word file, when launched on a MacOS machine, the file automatically triggers a macro which can download an encrypted payload and begin running it on the user's system.

Anyone who's been interested in technology for at least a decade is familiar with the tired maxim that Apple devices don't get viruses. Apple even used it in its old “I'm a Mac” adverts with Jason Long. They do though and as Apple devices become more commonplace, malware that targets them has followed suit.

The malware this time around was discovered in an infected Word document called “U.S. Allies and Rivals Digest Trump's Victory – Carnegie Endowment for International Peace.” A surprisingly wordy and official sounding document that seems likely to be targeting a specific group of people.

Source: Objective-see

If one of those people should have opened the document however, it would have immediately attempted to run a macro. While MacOS users would receive a warning at that point, if they were to ignore it, the malware would first check to see if the LittleSnith firewall was running. If not, it would download a payload from an infected URL, decrypt it and execute said payload.

While Ars and the security researchers it quotes don't know exactly what the payload does, the codebase that it borrows from would suggest that it would likely monitor webcams, record keystrokes, access browser histories and steal stored passwords.

Although the attack is said to not be the most sophisticated, it does show that more of the commonplace tactics for targeting Windows users are migrating over to MacOS systems too. Much like phishing attacks, Word macros utilise humans as the weak point in the security chain. Why try to break into a system manually if you can have people do it for you by opening a malicious file?

Discuss on our Facebook page, HERE.

KitGuru Says: This is why the two most important security measures you can take on any system, are to not open email attachments unless they were expected and come from a trusted source – and even then scan them first – and don't click links sent to you. Always copy and paste or check them out first. 

Become a Patron!

Tags

Check Also

Samsung showcases new 3D gaming display and 4K monitors

Samsung has unveiled its 2025 lineup of Odyssey gaming monitors and the ViewFinity S8. The …

© Copyright 2025, Kitguru.net All Rights Reserved Standard Terms

We've noticed that you are using an ad blocker.

Thank you for visiting KitGuru. Our news and reviews teams work hard to bring you the latest stories and finest, in-depth analysis.

We want to be as informative as possible – and to help our readers make the best buying decisions. The mechanism we use to run our business and pay some of the best journalists in the world, is advertising.

If you want to support KitGuru, then please add www.kitguru.net to your ad blocking whitelist or disable your adblocking software. It really makes a difference and allows us to continue creating the kind of content you really want to read.

It is important you know that we don’t run pop ups, pop unders, audio ads, code tracking ads or anything else that would interfere with the KitGuru experience. Adblockers can actually block some of our free content, such as galleries!