macOS users targeted with dangerous new malware

Cyber threats are increasingly targeting macOS users, and new research from Trend Micro has found a new malware variant that is currently being deployed online by a nation-state-backed hacking operation.

The firm's security researchers believe that the Vietnamese hacking group OceanLotus, also known as APT32, is behind this new malware campaign due to “similarities in dynamic behavior and code” with previous samples collected from the group.

In the past, OceanLotus has targeted foreign organizations working in Vietnam from a variety of different industries including media, research and construction. While the group's motivations aren't entirely clear, it is believed that the group conducts espionage on foreign firms to help Vietnamese-owned companies.

The backdoor recently discovered by Trend Micro allows OceanLotus to spy on compromised machines and steal confidential information and sensitive business documents from macOS users.

OceanLotus attacks

The recent series of attacks launched by the OceanLotus group begins with a phishing email that tries to encourage users to run a Zip file disguised as a Word document. The file is capable of avoiding detection by antivirus software through the use of special characters.

The attack could be discovered by users who realize that a Microsoft Word document doesn't open when they click on the email's attachment. However, by this time, the initial payload is already in the process of changing access permissions in order to load a second-stage payload that prompts a user to install a third and final payload. This third-stage payload then downloads the backdoor onto a user's system.

Just like older versions of OceanLotus' malware, this new variant tries to collect system information and create a backdoor that allows the group to spy on a user and download files from their system. The malware can also be used to upload additional malicious software to the system if required, and Trend Micro believes that the malware is still actively being developed by the group.

In order to prevent falling victim to this latest campaign, Trend Micro recommends that macOS users remain vigilant when it comes to clicking on links or downloading attachments from emails sent by unknown sources. At the same time, users should apply the latest security patches to prevent OceanLotus and other hacking groups from exploiting known vulnerabilities.
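
A defender-side check for the disguised attachment described above, as an added example that is not from Trend Micro or the original article: it lists ZIP entries whose names only appear to be documents. The article does not say which special characters were used, so the example assumes non-printing Unicode characters; the extension list, function names and sample archive are constructed for illustration.

```python
import io
import unicodedata
import zipfile

DOC_EXTS = (".doc", ".docx", ".rtf", ".pdf")  # assumed watch list, not from the article

def is_hidden(ch):
    """True for characters that normally render as nothing in a file listing."""
    cp = ord(ch)
    variation_selector = 0xFE00 <= cp <= 0xFE0F or 0xE0100 <= cp <= 0xE01EF
    return variation_selector or unicodedata.category(ch) in ("Cc", "Cf", "Co", "Cn")

def hidden_chars(text):
    """Code points in `text` that a user would not see."""
    return [f"U+{ord(c):04X}" for c in text if is_hidden(c)]

def check_name(name):
    """Return the reasons an archive entry name looks like a disguised document."""
    reasons = []
    parts = [p for p in name.split("/") if p]
    for i, part in enumerate(parts):
        visible = "".join(c for c in part if not is_hidden(c))  # what the user sees
        looks_like_doc = visible.lower().endswith(DOC_EXTS)
        if hidden_chars(part):
            reasons.append(f"{visible!r} hides {hidden_chars(part)}")
        if looks_like_doc and not part.lower().endswith(DOC_EXTS):
            reasons.append(f"{visible!r} only looks like it ends in a document extension")
        if looks_like_doc and (i < len(parts) - 1 or name.endswith("/")):
            reasons.append(f"{visible!r} is a folder, not a document")
    return reasons

def scan_zip(data):
    """Map each suspicious entry name in the ZIP bytes to its list of reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        checked = {info.filename: check_name(info.filename) for info in zf.infolist()}
    return {name: reasons for name, reasons in checked.items() if reasons}

def build_sample():
    """Constructed sample archive; every name in it is made up for this example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/b\u00e1o c\u00e1o.docx", b"ordinary document")
        zf.writestr("report.\u200bdoc/Contents/placeholder.txt", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for entry, reasons in scan_zip(build_sample()).items():
        print(repr(entry), reasons)
```

Accented letters in legitimate names are not flagged, but names containing emoji or scripts that rely on joiner characters can be, so treat a hit as a reason to inspect the attachment rather than as a verdict.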

Via ZDNet


01 Dec 2020