Malicious Microsoft Word documents that abuse macros have long been the bane of Windows users. Now, security researchers have found what may be the first such real-world attack to infect Macs.
The attack was found in a Word file titled “U.S. Allies and Rivals Digest Trump’s Victory – Carnegie Endowment for International Peace.” When Mac users open the document in a Word application configured to allow macros, and ignore a warning, an embedded macro automatically:
- checks to make sure the Little Snitch security firewall isn’t running
- downloads an encrypted payload from hxxps://www.securitychecking.org:443/index.asp
- decrypts the payload using a hard-coded key and
- executes the payload
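
For defenders triaging similar documents, the behaviours in the list above can be matched against macro source text. The sketch below is an added example, not code from the researchers or from the macro itself; it assumes the macro text has already been extracted, and its token lists, function name and both sample strings are constructed for illustration.

```python
import re

# Behaviours from the list above, as regexes over macro source text.
# The token lists are assumptions chosen for this example, not taken
# from the analysed sample. The decryption step is left out because a
# hard-coded key has no reliable textual signature.
STAGES = {
    "auto_run": re.compile(r"\bSub\s+(AutoOpen|Auto_Open|Document_Open)\b", re.I),
    "firewall_check": re.compile(r"Little\s?Snitch", re.I),
    # Accept both live and defanged (hxxp) URL schemes.
    "network_fetch": re.compile(r"\bh(?:tt|xx)ps?://[^\s\"']+", re.I),
    "execution": re.compile(r"\b(MacScript|do shell script|popen|system|Shell)\b", re.I),
}

def triage(macro_source):
    """Return (matched_stages, verdict) for already-extracted macro text."""
    hits = {}
    for name, pattern in STAGES.items():
        m = pattern.search(macro_source)
        if m:
            hits[name] = m.group(0)
    if len(hits) == len(STAGES):
        verdict = "full chain"
    elif "firewall_check" in hits or len(hits) >= 3:
        # A document macro has little reason to name a host firewall.
        verdict = "suspicious"
    else:
        verdict = "low"
    return hits, verdict

# Constructed, non-functional placeholder text (not the real macro).
SAMPLE_SUSPECT = '''
Sub AutoOpen()
    marker = "LittleSnitch"
    src = "hxxps://www.securitychecking.org:443/index.asp"
    MacScript (placeholder)
End Sub
'''

# Constructed benign macro: runs on open but only formats text.
SAMPLE_BENIGN = '''
Sub AutoOpen()
    Selection.Font.Bold = True
End Sub
'''

if __name__ == "__main__":
    for label, text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        hits, verdict = triage(text)
        print(label, verdict, sorted(hits))
```

A "full chain" verdict means every matched stage is present in one macro; string matching like this is a first-pass filter and will miss obfuscated or encoded macro text.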