Chinese hackers start attacking Mac OS

Chinese hackers are now starting to attack the Mac operating system, exploiting the fact that there is an ancient hole in Microsoft Office and the fact that many of them believe that viruses only happen on Windows machines.

According to Threat Post, insecurity experts have found a new attack that employs two separate pieces of malware, a malicious Word document and some techniques for maintaining persistence on compromised machines, and the campaign is specifically targeted at Mac users.

The command-and-control domain involved in the attack is located in China and the attack exploits a three-year-old vulnerability which no one could be bothered to fix.

Insecurity experts at AlienVault, who discovered and analysed the attacks, said that a remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record.

An attacker then takes control of an affected Mac, installs programs, snoops around, changes, or deletes data or creates new accounts with full user rights.

Currently the virus is being sent in a letter addressed to the United Nations Human Rights Commission and discussing the anniversary of the Tibetan uprising against China. It targets Tibetan non-governmental organisations.

The trojan is interesting because it has never been seen before. It runs every time the computer starts and has the ability to listen for new commands from the command and control server.