Trojan targets Tibetan activist groups that use Macs


Researchers at a security firm have spotted espionage malware targeting users of Mac computers.

The attacks are taking advantage of a Microsoft Word vulnerability, which affects both Windows and Mac platforms and was patched nearly three years ago, said Jaime Blasco, a researcher with AlienVault, maker of vulnerability assessment and threat detection products.

Since earlier this month, remote access trojans, or RATs, delivered in spear phishing emails containing a malicious Microsoft Word file have been targeting pro-Tibet organizations, with the goal of purging sensitive information without being detected.

"It is no surprise that Tibetan organizations are being targeted -- they have been for years -- and we continue to see Chinese actors breaking into numerous organizations with impunity," Blasco wrote in a March 13 blog post. "Unfortunately, in this particular case, these attacks may have a direct impact on the abuse of human rights in these regions."

The latest campaign is going after Macs, which continue to grow in popularity. Blasco said this is a sign that if advanced attackers are going to be successful, they may have to find ways to infiltrate platforms that traditionally have gone untouched, aside from general malware such as rogue anti-virus programs.

"If these guys want to penetrate these systems, they need to develop new malware for Mac," said Blasco, who added that this is the first time he has seen Office files being used to deliver a trojan on Mac OS X.
