Apple iMac new desktop pc

Threat researchers at Trend Micro have identified new malicious content by OceanLotus targeting iOS and MacOS devices. The malware is supposedly spread through a Microsoft Word file attached to phishing emails.

Customers frequently prefer Apple’s operating systems due to the fact that they have a lower number of malicious attacks on them. However, the recent discovery by Trend Micro reveals that devices running iOS and MacOS are not completely immune to such attacks. The TrendLabs security intelligence blog post have identified the malware to originate from OceanLotus, aka. SeaLotus, APT 32, APT-C-00, and Cobalt Kitty. The backdoor runs on the OS by the name of OSX_OCEANLOTUS.D.

Attack progression

The researchers claim that the threat is distributed via an MS Word document attached to phishing emails. While the document claims to be a registration form for an assembly for HDMC — a Vietnam-based organization that promotes democracy and national independence —, it is, in fact, backdoor dropper targeting devices that use the programming language Perl.

The dropper, which has a hard-coded encryption using an RSA256 key, asks the users to allow macros, and once enabled, it then extracts an executable disguised as an XML file. The dropper then sets up the backdoor malware in different locations, depending on whether or not it has root access. It then sets itself to ‘hidden’ and chooses randomized times and dates for its files.

The backdoor has a dual purpose: collecting information on the OS, and leaving the device open for further attacks. The collected information are: OS version, device serial number, Hardware UUID, MAC address, and potentially the device user’s name. The backdoor process regularly communicates with the malicious server, uploading the collected data, and downloading more malicious content.

Preventative steps

It is important to be aware that while Apple’s operating systems do not have as many malware programs as other OS, malicious content for them do exist. In the case of phishing attacks, Trend Micros suggests verifying the sender’s email and the link embedded in the email and be wary of attachments from unfamiliar addresses. Users should also not provide personal details unless absolutely necessary. Finally, regular scans using antivirus and antimalware software are also highly recommended, as well as making sure that the operating system is fully updated.

18 COMMENTS

  1. Hi there friends, its great paragraph regarding cultureand
    entirely explained, keep it up all the time.

  2. Aquí es donde eres capaz de obtener una erección, pero tienes dificultades para mantener tu pene erecto.

  3. 37348 52769Of course like your web site but you need to have to check the spelling on several of your posts. Several of them are rife with spelling issues and I uncover it extremely bothersome to tell the truth nevertheless Ill surely come back once more. 498547

  4. El sexo es una parte importante de la vida adulta, pero existen diferentes problemas que pueden alterar este acto e incluso impedir disfrutar de una vida sexual plena.

  5. I am sure this piece of writing has touched all the internet visitors, its really
    really fastidious piece of writing on building up new weblog.

  6. At this moment I am going to do my breakfast,
    later than having my breakfast coming again to read further news.

  7. Hi there, I believe your web site could possibly be having web browser compatibility issues.
    When I look at your site in Safari, it looks fine however, when opening in IE, it’s got some overlapping issues.
    I simply wanted to give you a quick heads up!
    Other than that, excellent blog!

  8. I love it when individuals get together and share views.
    Great blog, continue the good work!

  9. I think this is one of the most vital info for me.

    And i am glad reading your article. But want to remark on few general things, The website style is perfect,
    the articles is really nice : D. Good job, cheers

  10. Hi there it’s me, I am also visiting this website regularly, this site is genuinely nice and the
    people are in fact sharing fastidious thoughts.

  11. 529295 406298jobs for high school students – Search for Jobs on our internet site, we provide several great links towards the best and biggest Portals to acquiring a Job as a high school student! 326635

  12. Hi there just wanted to give you a quick
    heads up. The words in your content seem to be running off the screen in Ie.
    I’m not sure if this is a formatting issue or something to do with browser compatibility but I
    figured I’d post to let you know. The layout look great though!
    Hope you get the issue solved soon. Cheers

  13. There is definately a great deal to know about this topic.
    I really like all of the points you’ve made.

  14. Howdy just wanted to give you a quick heads up. The text in your article seem to be running
    off the screen in Firefox. I’m not sure if this
    is a formatting issue or something to do with browser
    compatibility but I figured I’d post to let you know. The layout look great though!
    Hope you get the problem solved soon. Cheers

  15. You should take part in a contest for top-of-the-line blogs on the web. I’ll advocate this site!

LEAVE A REPLY

Please enter your comment!
Please enter your name here