Newly Unveiled MacOS Malware Making the Rounds via Phishing Emails

Threat researchers at Trend Micro have identified new malicious content from OceanLotus targeting iOS and macOS devices. The malware is reportedly spread through a Microsoft Word file attached to phishing emails.

Users often favour Apple’s operating systems because they see fewer malware attacks. However, the recent discovery by Trend Micro shows that devices running iOS and macOS are not immune to such attacks. The TrendLabs security intelligence blog post attributes the malware to OceanLotus, a.k.a. SeaLotus, APT 32, APT-C-00, and Cobalt Kitty. The backdoor is identified as OSX_OCEANLOTUS.D.

Attack progression

The researchers report that the threat is distributed as an MS Word document attached to phishing emails. While the document purports to be a registration form for an assembly of HDMC, a Vietnam-based organization that promotes democracy and national independence, it is in fact a backdoor dropper that relies on the Perl programming language being present on the target device.

The dropper, which carries a hard-coded RSA256 encryption key, asks the user to enable macros; once they are enabled, it extracts an executable disguised as an XML file. The dropper then installs the backdoor in different locations, depending on whether or not it has root access. It then marks its files as hidden and assigns them randomized dates and times.

The backdoor has a dual purpose: collecting information about the OS, and leaving the device open to further attacks. The collected information includes the OS version, device serial number, hardware UUID, MAC address, and potentially the device user’s name. The backdoor process regularly communicates with the malicious server, uploading the collected data and downloading more malicious content.
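As an added illustration (not code from the article or from Trend Micro), the following Python triage helper looks for the two file-level traits just described, hidden files and randomized timestamps, in macOS persistence directories. The directory list is an assumption: the article does not name where the backdoor is installed, so the user-writable versus root-only split only mirrors the "depends on root access" behaviour.

```python
import os
import time
from dataclasses import dataclass
from typing import Dict, List

UF_HIDDEN = 0x8000  # BSD st_flags bit set by `chflags hidden` on macOS
# Assumed persistence dirs (the article names none); user-writable vs root-only mirrors the root check.
USER_DIRS = [os.path.expanduser("~/Library/LaunchAgents")]
ROOT_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons"]


@dataclass
class FileMeta:
    path: str
    hidden: bool      # dot-prefixed name or UF_HIDDEN flag set
    mtime: float      # last modification (epoch seconds)
    birthtime: float  # creation time (st_birthtime on macOS)


def suspicious_reasons(f: FileMeta, now: float) -> List[str]:
    """Heuristics for the described dropper behaviour; an empty list means nothing flagged."""
    reasons = []
    if f.hidden:
        reasons.append("hidden")
    # A file cannot be modified before it exists; randomized stamps often contradict this.
    if f.mtime < f.birthtime:
        reasons.append("mtime before birthtime")
    if max(f.mtime, f.birthtime) > now + 60:
        reasons.append("timestamp in the future")
    return reasons


def triage(files: List[FileMeta], now: float) -> Dict[str, List[str]]:
    return {f.path: r for f in files if (r := suspicious_reasons(f, now))}


def collect(dirs: List[str]) -> List[FileMeta]:
    """Read metadata from the live filesystem (macOS; st_birthtime/st_flags are absent on Linux)."""
    out = []
    for d in dirs:
        for name in (os.listdir(d) if os.path.isdir(d) else []):
            st = os.lstat(os.path.join(d, name))
            hidden = name.startswith(".") or bool(getattr(st, "st_flags", 0) & UF_HIDDEN)
            birth = getattr(st, "st_birthtime", st.st_mtime)
            out.append(FileMeta(os.path.join(d, name), hidden, st.st_mtime, birth))
    return out


def sample_files(now: float) -> List[FileMeta]:
    """Constructed sample, not real artefacts: one benign plist and two suspicious ones."""
    return [
        FileMeta("/Library/LaunchDaemons/com.apple.example.plist", False, now - 86400, now - 90000),
        FileMeta("/Library/LaunchDaemons/.updater.plist", True, now - 3e7, now - 60),
        FileMeta("~/Library/LaunchAgents/agent.plist", False, now + 9e6, now - 60),
    ]
```

Run `triage(collect(USER_DIRS + ROOT_DIRS), time.time())` on a Mac to check the live directories; `triage(sample_files(now), now)` exercises the heuristics on the constructed sample.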

Preventative steps

It is important to be aware that while Apple’s operating systems attract fewer malware programs than other operating systems, malicious content for them does exist. For phishing attacks, Trend Micro suggests verifying the sender’s email address and any link embedded in the email, and being wary of attachments from unfamiliar addresses. Users should also not provide personal details unless absolutely necessary. Finally, regular scans with antivirus and antimalware software are highly recommended, as is keeping the operating system fully updated.

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master’s degree and actively writes about cybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of, too, a site dedicated to educating people on online privacy and spying.
