
An ongoing attack aimed at users of the Apple Mac platform is being reported by security researchers. AlienVault, which has discovered these weaponised attacks in the wild, warns that regular Mac users without IT security software installed could be at risk of infection and hijacking.

The researchers suspect that the attack stems from the same anti-Tibetan, pro-Chinese, hacking group that has been responsible for attacks targeting Tibetan activist organisations in recent weeks.

According to the lead researcher who made the discovery, Jaime Blasco, the group is "delivering two different Mac trojans" including a new and improved one called MacControl.

The weaponised files themselves are all MS-Office .doc files, which is quite rare in that malicious Office document files are hardly ever used in an attempt to deliver malware payloads to the Mac platform. AlienVault researchers have detailed how the files use a remote code execution vulnerability in MS-Word's file handling of malformed records. Blasco warns that an attacker who successfully exploits this vulnerability can take control of the target Mac along with other networked computers.

I'm not sure just how much of a threat this latest in-the-wild attack actually is though, considering that for a start any Mac user operating without administrative rights is unlikely to be impacted. Nor, for that matter, are those users who have patched their copy of MS Office with the security updates that Microsoft made available way back in 2009. Yes, really, that long ago. While one has to assume that the hacktivist group in this case has its reasons for targeting Mac users with such an old and already patched vulnerability, I am hard-pressed to imagine that it's going to be a hugely successful strategy.

Indeed, I have not heard of anyone whose Mac has actually been compromised by the MacControl Trojan either. And that despite 'several versions' of the thing having been coded according to Blasco and his team.


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


The weaponised files themselves are all MS-Office .doc files, which is quite rare in that malicious Office document files are hardly ever used in an attempt to deliver malware payloads to the Mac platform. AlienVault researchers have detailed how the files use a remote code execution vulnerability in MS-Word's file handling of malformed records. Blasco warns that an attacker who successfully exploits this vulnerability can take control of the target Mac along with other networked computers.

I had a friend who is Chinese read an article and tell me it was an inside job, meaning someone in the plant (Apple Manufactured) knew about the backend of the platform.

Was this proofing?

No, the article was just speculation.

The reason is because most IT products are manufactured in China.
