Skip to main content

MacOS users targeted with dangerous new malware

How to fix macOS Big Sur problems
(Image credit: guteksk7 / Shutterstock / Apple)
Audio player loading…

Cyber threats are increasingly targeting macOS (opens in new tab) users and new research from Trend Micro (opens in new tab) has discovered that a new malware variant is currently being deployed online by a nation-state-backed hacking operation.

The firm's security researchers believe that the Vietnamese hacking group OceanLotus, known as APT32 (opens in new tab), is behind this new malware campaign due to “similarities in dynamic behavior and code” with previous samples collected from the group.

In the past, OceanLotus (opens in new tab) has targeted foreign organizations working in Vietnam from a variety of different industries including media, research and construction. While the group's motivations aren't entirely clear, it is believed that the group conducts espionage on foreign firms to help Vietnamese-owned companies.

The backdoor recently discovered by Trend Micro allows OceanLotus to spy on compromised machines and steal confidential information and sensitive business documents from macOS users.

OceanLotus attacks

The recent series of attacks launched by the OceanLotus group begin with a phishing email (opens in new tab) that tries to encourage users to run a Zip file disguised as a Word document which is capable of avoiding detection by antivirus software (opens in new tab) through the use of special characters.

The attack could be discovered by users who realize that a Microsoft Word document doesn't open when they click on the email's attachment. However, by this time, the initial payload is already in the process of changing access permissions in order to load a second-stage payload that prompts a user to install a third and final payload. This third-stage payload then downloads the backdoor onto a user's system.

Just like older versions of OceanLotus' malware, this new variant tries to collect system information and create a backdoor that allows the group to spy on a user and download files from their system. The malware can also be used to upload additional malicious software to the system if required and Trend Micro believes that the malware is still actively being developed by the group.

In order to prevent falling victim to this latest campaign, Trend Micro recommends that macOS users remain vigilant when it comes to clicking on links or downloading attachments from emails sent by unknown sources. At the same time, users should apply the latest security patches to prevent OceanLotus and other hacking groups from exploiting known vulnerabilities.

Via ZDNet (opens in new tab)

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.