Trojan targets Tibetan activist groups that use Macs

Share this article:

Researchers at a security firm have spotted espionage malware targeting users of Mac computers.

The attacks are taking advantage of a Microsoft Word vulnerability, which affects both Windows and Mac platforms and was patched nearly three years ago, said Jaime Blasco, a researcher with AlienVault, maker of vulnerability assessment and threat detection products.

Since earlier this month, remote access trojans, or RATs, which are being sent in spear phishing emails containing a malicious Microsoft Word file, have been targeting pro-Tibet organizations -- with the goal of purging sensitive information without being detected.

"It is no surprise that Tibetan organizations are being targeted -- they have been for years -- and we continue to see Chinese actors breaking into numerous organizations with impunity," Blasco wrote in a March 13 blog post. "Unfortunately, in this particular case, these attacks may have a direct impact on the abuse of human rights in these regions."

The latest campaign is going after Macs, which continue to grow in popularity. Blasco said this is a sign that if advanced attackers are going to be successful, they may have to find ways to infiltrate platforms that traditionally have gone untouched, aside from general malware such as rogue anti-virus programs.

"If these guys want to penetrate these systems, they need to develop new malware for Mac," said Blasco, who added that this is the first time he has seen Office files being used to deliver a trojan on the Mac OS X.

Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.