An ongoing attack aimed at users of the Apple Mac platform is being reported by security researchers. AlienVault, which has discovered these weaponised attacks in the wild, warns that regular Mac users without IT security software installed could be at risk of infection and hijacking.
The researchers suspect that the attack stems from the same anti-Tibetan, pro-Chinese, hacking group that has been responsible for attacks targeting Tibetan activist organisations in recent weeks.
According to the lead researcher who made the discovery, Jaime Blasco, the group is "delivering two different Mac trojans" including a new and improved one called MacControl.
The weaponised files themselves are all MS-Office .doc files, and is quite rare in that malicious Office document files are hardly ever used in an attempt to deliver malware payloads to the Mac platform. AlienVault researchers have detailed how the files use a remote code execution vulnerability of MS-Word file handling of malformed records. Blasco warns that an attacker who successfully exploits this vulnerability can take control of the target Mac along with other networked computers.
I'm not sure just how much of a threat this latest in the wild attack actually is though, considering that for a start any Mac user operating without administrative rights is unlikely to be impacted. Nor, for that matter, are those users who have patched their copy of MS Office with the security updates that Microsoft made available way back in 2009. Yes, really, that long ago. While one has to assume that the hacktivist group in this case has its reasons for targeting Mac users with such an old and already patched, I am hard-pressed to imagine that it's going to be a hugely successful strategy.
Indeed, I have not heard of anyone whose Mac has actually been compromised by the MacControl Trojan either. And that despite 'several versions' of the thing having been coded according to Blasco and his team.
