Trojan targets Tibetan activist groups that use Macs

Researchers at a security firm have spotted espionage malware targeting users of Mac computers.

The attacks are taking advantage of a Microsoft Word vulnerability, which affects both Windows and Mac platforms and was patched nearly three years ago, said Jaime Blasco, a researcher with AlienVault, maker of vulnerability assessment and threat detection products.

Since earlier this month, remote access trojans, or RATs, which are being sent in spear phishing emails containing a malicious Microsoft Word file, have been targeting pro-Tibet organizations -- with the goal of purging sensitive information without being detected.

"It is no surprise that Tibetan organizations are being targeted -- they have been for years -- and we continue to see Chinese actors breaking into numerous organizations with impunity," Blasco wrote in a March 13 blog post. "Unfortunately, in this particular case, these attacks may have a direct impact on the abuse of human rights in these regions."

The latest campaign is going after Macs, which continue to grow in popularity. Blasco said this is a sign that if advanced attackers are going to be successful, they may have to find ways to infiltrate platforms that traditionally have gone untouched, aside from general malware such as rogue anti-virus programs.

"If these guys want to penetrate these systems, they need to develop new malware for Mac," said Blasco, who added that this is the first time he has seen Office files being used to deliver a trojan on the Mac OS X.