Cyber threats are increasingly targeting macOS (opens in new tab) users and new research from Trend Micro (opens in new tab) has discovered that a new malware variant is currently being deployed online by a nation-state-backed hacking operation.
The firm's security researchers believe that the Vietnamese hacking group OceanLotus, known as APT32 (opens in new tab), is behind this new malware campaign due to “similarities in dynamic behavior and code” with previous samples collected from the group.
In the past, OceanLotus (opens in new tab) has targeted foreign organizations working in Vietnam from a variety of different industries including media, research and construction. While the group's motivations aren't entirely clear, it is believed that the group conducts espionage on foreign firms to help Vietnamese-owned companies.
- We've assembled a list of the best antivirus (opens in new tab) software available
- Keep your devices virus free with the best malware removal (opens in new tab) software
- Also check out our roundup of the best ransomware protection (opens in new tab)
The backdoor recently discovered by Trend Micro allows OceanLotus to spy on compromised machines and steal confidential information and sensitive business documents from macOS users.
The recent series of attacks launched by the OceanLotus group begin with a phishing email (opens in new tab) that tries to encourage users to run a Zip file disguised as a Word document which is capable of avoiding detection by antivirus software (opens in new tab) through the use of special characters.
The attack could be discovered by users who realize that a Microsoft Word document doesn't open when they click on the email's attachment. However, by this time, the initial payload is already in the process of changing access permissions in order to load a second-stage payload that prompts a user to install a third and final payload. This third-stage payload then downloads the backdoor onto a user's system.
Just like older versions of OceanLotus' malware, this new variant tries to collect system information and create a backdoor that allows the group to spy on a user and download files from their system. The malware can also be used to upload additional malicious software to the system if required and Trend Micro believes that the malware is still actively being developed by the group.
In order to prevent falling victim to this latest campaign, Trend Micro recommends that macOS users remain vigilant when it comes to clicking on links or downloading attachments from emails sent by unknown sources. At the same time, users should apply the latest security patches to prevent OceanLotus and other hacking groups from exploiting known vulnerabilities.
- We've also highlighted the best business Mac (opens in new tab)
Via ZDNet (opens in new tab)