Trojan targets Tibetan activist groups that use Macs

Share this article:

Researchers at a security firm have spotted espionage malware targeting users of Mac computers.

The attacks are taking advantage of a Microsoft Word vulnerability, which affects both Windows and Mac platforms and was patched nearly three years ago, said Jaime Blasco, a researcher with AlienVault, maker of vulnerability assessment and threat detection products.

Since earlier this month, remote access trojans, or RATs, which are being sent in spear phishing emails containing a malicious Microsoft Word file, have been targeting pro-Tibet organizations -- with the goal of purging sensitive information without being detected.

"It is no surprise that Tibetan organizations are being targeted -- they have been for years -- and we continue to see Chinese actors breaking into numerous organizations with impunity," Blasco wrote in a March 13 blog post. "Unfortunately, in this particular case, these attacks may have a direct impact on the abuse of human rights in these regions."

The latest campaign is going after Macs, which continue to grow in popularity. Blasco said this is a sign that if advanced attackers are going to be successful, they may have to find ways to infiltrate platforms that traditionally have gone untouched, aside from general malware such as rogue anti-virus programs.

"If these guys want to penetrate these systems, they need to develop new malware for Mac," said Blasco, who added that this is the first time he has seen Office files being used to deliver a trojan on the Mac OS X.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.