Researchers Warn of Mac OS X Targeted Attacks

Mac-targeted Trojan hits pro-Tibetan campaigners

Security researchers have uncovered a never-before-seen Trojan targeting Mac users, indicating hackers are paying more attention to Apple machines when it comes to targeted attacks.

The Trojan’s creators have dubbed their special piece of malware MacControl. It executes every time the infected computer starts and lets the operators have complete control over a victim’s machine.

Tibetan targets

The malware loads upon execution of a malicious Word file and thus far appears to be aimed at pro-Tibetan campaigners. The same command and control (C&C) server has been seen running other Trojans attached to emails purporting to be from the Tibetan Women’s Association.

“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record,” security company AlienVault said in a blog post. “An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

When a user clicks on the malicious .doc file, the executed Trojan also opens a non-malicious Word document in an attempt to fool the user into thinking they have just downloaded a legitimate attachment.

Trend Micro said this case shows Mac users are not invulnerable to targeted attacks. “This adjustment to affect Macs also shows that they are refining their scope, and are really customizing their tools to suit their targets,” said Trend threat research manager Ivan Macalintal, in a blog post.

“In this light, and knowing that the Mac OS X arena has seen its fair share of threats increasing, it is advisable to be aware that Mac OS X can also be targeted, and seen as a new playing field for these groups behind targeted attacks and APTs [Advanced Persistent Threats] to further their agenda.”

Whilst targeted attacks going after Mac machines have been rare to non-existent until now, Apple-focused malware has been growing in recent times. Last year saw the fake antivirus threat MacDefender, which caused much concern, and a nasty piece of malware called Olyx, which could install backdoors on Macs.
