A newly discovered form of malware is targeting Apple macOS users in a campaign that researchers say is tied to a nation-state-backed hacking operation.
The campaign has been detailed by cybersecurity analysts at Trend Micro who've linked it to OceanLotus – also known as APT32 – a hacking group that is thought to have links to the Vietnamese government.
OceanLotus is known to target foreign organisations working in Vietnam, including media, research and construction firms. While the motivation isn't fully understood, the aim is thought to be espionage in support of Vietnamese-owned companies.
The MacOS backdoor provides the attackers with a window into the compromised machine, enabling them to snoop on and steal confidential information and sensitive business documents.
The security company's researchers have linked it to OceanLotus because of the similarities in code and behaviour of the malware, compared with samples used in previous campaigns by the group.
The attacks begin with phishing emails that try to get victims to open a Zip file disguised as a Word document. The archive is built to slip past antivirus scanners: special characters are placed in file names deep inside a series of nested Zip folders.
The attack could give itself away to an attentive user because, when the malicious file is run, no Microsoft Word document appears.
By that point, however, an initial payload is already running on the machine. It changes file permissions in order to load a second-stage payload, which in turn installs a third-stage payload that downloads the backdoor onto the system. Spreading the installation across stages like this is intended to evade detection.
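The delivery chain above (a Zip posing as a Word document, special characters in names inside nested archives, and a macOS app bundle where a document should be) lends itself to a simple triage check. The following Python script is an added example written for this page; it is not code from the article or from Trend Micro's report. It walks a Zip archive and any Zip archives nested inside it, flags entry names containing invisible or non-printing Unicode characters (an assumption here about the kind of "special characters" the article refers to), flags macOS `.app` bundles found inside an archive, and checks whether a file named like a Word document actually has the OOXML parts a real `.docx` contains. The sample archive it builds is constructed for the demonstration and is not a real malware sample.

```python
import io
import unicodedata
import zipfile

# Heuristic, not a signature: Unicode categories that should not appear in a
# file name meant to be read by a person. Cc/Cf cover control and format
# characters (zero-width space, bidi overrides, BOM); the two code point
# ranges are variation selectors, which most renderers draw as nothing.
SUSPICIOUS_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Zl", "Zp"}


def invisible_chars(name):
    """Return the invisible or non-printing code points found in *name*."""
    found = []
    for ch in name:
        cp = ord(ch)
        if (unicodedata.category(ch) in SUSPICIOUS_CATEGORIES
                or 0xFE00 <= cp <= 0xFE0F
                or 0xE0100 <= cp <= 0xE01EF):
            found.append(f"U+{cp:04X}")
    return found


def is_zip(blob):
    """Cheap magic-number check: local file header or empty end-of-central-dir."""
    return blob[:4] in (b"PK\x03\x04", b"PK\x05\x06")


def scan_archive(data, depth=0, max_depth=5):
    """Walk a Zip archive and every Zip archive nested in it.

    Returns a list of (depth, entry_name, reason) findings. Nesting is capped
    at max_depth so a crafted archive cannot recurse without bound.
    """
    findings = []
    if depth > max_depth:
        findings.append((depth, "<archive>", "nested deeper than max_depth, not descended"))
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        findings.append((depth, "<archive>", "has a Zip magic number but does not parse"))
        return findings
    with zf:
        for info in zf.infolist():
            name = info.filename
            bad = invisible_chars(name)
            if bad:
                findings.append((depth, name, "invisible characters in name: " + ",".join(bad)))
            if ".app/" in name:
                findings.append((depth, name, "macOS application bundle inside archive"))
            if info.is_dir():
                continue
            blob = zf.read(info)
            if is_zip(blob):
                findings.append((depth, name, "nested Zip archive"))
                findings.extend(scan_archive(blob, depth + 1, max_depth))
    return findings


def disguised_as_word(filename, data):
    """True when a file presented as a Word document is a Zip archive that
    lacks the parts every genuine .docx carries. A .docx is itself a Zip,
    so the magic number alone proves nothing; the OOXML structure does."""
    if ".doc" not in filename.lower() or not is_zip(data):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
    return not {"[Content_Types].xml", "word/document.xml"} <= names


def build_sample():
    """Constructed lookalike of the layout described in the article: an outer
    Zip named like a document, holding an inner Zip that holds an .app bundle
    whose name hides a zero-width space before '.app'. Made up for this example."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        bundle = "Report.doc\u200b.app"
        z.writestr(bundle + "/Contents/Info.plist", "<plist/>")
        z.writestr(bundle + "/Contents/MacOS/Report", "#!/bin/sh\necho stage1\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Report.doc.zip", inner.getvalue())
    return outer.getvalue()


def build_minimal_docx():
    """Constructed stand-in for a genuine .docx: a Zip with the OOXML parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample()
    print("disguised:", disguised_as_word("Report.doc.zip", sample))
    for depth, name, reason in scan_archive(sample):
        print(f"{'  ' * depth}{name!r}: {reason}")
```

The name check is deliberately broad: it will also fire on legitimate names that contain format characters, so treat a hit as a reason to look, not as a verdict. The `.docx` structure check is the more reliable of the two, because a real Word file cannot omit `[Content_Types].xml` and `word/document.xml`.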
Like older versions of the malware, this variant collects system information and opens a backdoor that lets the attackers snoop on and download files, and upload additional malicious software to the system if required. The malware is thought to be still under active development.
Trend Micro urges users to be cautious about clicking links or downloading attachments from emails coming from suspicious or unknown sources.