If you are a MacBook user, then beware! There’s a new form of malware doing the rounds on the internet and specifically targeting Apple’s macOS.
Let’s dig in and learn more about it.
According to analysts from Trend Micro, a cybersecurity firm, the malware is part of a campaign that has been linked to a hacking group called OceanLotus (also known as APT32). The group reportedly has ties with the Vietnamese government as well.
This particular group of threat actors is notorious for targeting foreign companies based in Vietnam that operate in the fields of media, research and construction. However, in this case of targeting Apple macOS, their ambition isn’t fully known.
The analysts from the cybersecurity firm believe that OceanLotus is using this malware for espionage purposes in order to aid Vietnamese-owned businesses. Using the macOS backdoor, the attackers can gain access to an infected machine, which then enables them to steal all kinds of confidential and sensitive information from the device.
Trend Micro’s analysts were able to link the malware to OceanLotus (or APT32, as it is otherwise called) because they spotted many similarities between the backdoor’s code and behaviour and what the hacking group used in its previous campaigns.
So, how does the macOS backdoor malware infect a device?
It all begins with mass-sent phishing emails which encourage potential victims to run a Zip file, often disguised as a Word (.docx) file. After a user runs it, the malware uses special characters deep inside the zip folders to avoid being detected by antivirus scanners, and finally ends up infecting the device.
Now, even though the macOS backdoor is advanced enough to trick malware detection software, fortunately it cannot fool a trained eye. If users pay attention to the Word file when they run it, they can easily spot that the document doesn’t actually appear.
However, that being said, at this stage the user is already too late: an initial payload has started working on the device and changes access permissions to load a second-stage payload, which then repeats the same task so that a third-stage payload can be installed. After this series of events takes place, the backdoor slides into the system very easily and OceanLotus’s malware evades all forms of detection.
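As an added illustration (not code from Trend Micro or from this article), here is a small Python scanner that applies two archive-level checks suggested by the infection chain above: entry names that carry hidden or non-printable Unicode characters, and entries named like documents that are really Mach-O executables or carry the execute bit. The Mach-O magic values and the zip mode-bit layout are standard; the sample archive, its file names and contents are constructed for the demo and are not taken from any real sample.

```python
import io
import unicodedata
import zipfile

# Mach-O magic values (32/64-bit, either byte order) plus the universal "fat" header.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
DOC_EXTENSIONS = (".docx", ".doc", ".pdf", ".rtf")

def hidden_chars(name):
    """Control, format (zero-width, bidi override), private-use or unassigned characters in a name."""
    return [c for c in name if unicodedata.category(c) in ("Cc", "Cf", "Co", "Cn")]

def scan_zip(data):
    """Return a list of (entry_name, reason) findings for a zip archive given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            bad = hidden_chars(name)
            if bad:
                codes = ", ".join("U+%04X" % ord(c) for c in bad)
                findings.append((name, "hidden characters in entry name: " + codes))
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            lower = name.lower()
            unix_mode = info.external_attr >> 16  # upper 16 bits hold the POSIX mode
            if head in MACHO_MAGICS:
                findings.append((name, "Mach-O executable inside archive"))
            if lower.endswith(".docx") and head != b"PK\x03\x04":
                findings.append((name, ".docx name but not an OOXML (zip) container"))
            if lower.endswith(DOC_EXTENSIONS) and unix_mode & 0o111:
                findings.append((name, "document extension with execute bit set"))
    return findings

def build_sample():
    """Constructed demo archive (not a real sample): a fake 'Word' file that is really a
    64-bit Mach-O with the execute bit, a folder name hiding U+200B, and a benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        fake = zipfile.ZipInfo("Invoice.docx")
        fake.external_attr = 0o100755 << 16  # -rwxr-xr-x, as a macOS/Unix zip tool would store it
        zf.writestr(fake, b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        zf.writestr("docs\u200b/notes.txt", b"meeting notes")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()
```

Run `scan_zip(open(path, "rb").read())` on a suspicious attachment to list the findings; an empty list means none of these three heuristics fired, not that the archive is clean.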
The analysts from Trend Micro noted that this newly updated malware, in many ways, works similarly to the older versions of the malware.
Also, the objective of the hacking group has always remained the same. By installing the malware onto a victim’s device, the threat actors aim to collect system information and download files along with uploading additional malicious software to the system if required.
According to Trend Micro’s researchers, variants of the malware are still being actively developed, which helps the backdoor persist undetected for longer durations.
So, what can you do to make sure you avoid getting your device infected in the first place?
Well, it is fairly easy. Users need to be cautious about clicking links or downloading suspicious attachments from emails sent by unknown sources. Along with that, Trend Micro also suggests that users apply every available security patch and other related updates, because that will ensure the OS is better able to tackle known vulnerabilities.