Mac computers aren’t immune to hacking and viruses. There’s a new backdoor infiltration out there posing as a Word document and directly targeting Macintosh computers.
OceanLotus is interesting because it targets macOS, trying to open a backdoor through which hackers can get data from Mac computers. Another noteworthy part of the hack is that the attachment is made to look like a Word document but isn’t.
Trend Micro has the details of how OceanLotus works. It’s currently being distributed in Vietnam, seemingly to infiltrate businesses in that country. Most likely the same tricks will be used to attack Mac computers in other countries.

The infection arrives as an attachment which looks like a Word document.

It’s actually a ZIP file with a faked icon and file name trickery to make it look like a Word document.
The file name doesn’t really end in .doc but includes a special character which stops macOS from opening it as a Word document. Instead, macOS treats the file as an unknown type, and opening it allows a malicious script to run.
The user sees a Word document open, but that’s a diversion: the ‘document’ that’s opened is configureDefault.def after renaming to a .doc file type.
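
A mail gateway or triage script can check for both tricks described above: an extension that contains something other than plain letters and digits, and a ".doc" name on ZIP content. The Python below is an added example, not code from Trend Micro or from the malware analysis; the function name `check_attachment` is hypothetical, and the zero-width space in the sample name is a constructed stand-in, since the article does not say which special character the real file uses.

```python
# Added example: flag attachments whose name only looks like ".doc".
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Word .doc container
ZIP_MAGIC = b"PK\x03\x04"                        # ZIP local file header

def check_attachment(name, head):
    """Return reasons why (file name, first bytes) looks like a disguised .doc."""
    reasons = []
    _, dot, ext = name.rpartition(".")
    if not dot:
        return reasons
    # Real extensions are plain ASCII letters and digits; anything else is suspect.
    odd = [c for c in ext if not (c.isascii() and c.isalnum())]
    if odd:
        codes = ", ".join("U+%04X" % ord(c) for c in odd)
        reasons.append("extension contains unexpected characters: " + codes)
    # What a person reading the name would take the extension to be.
    apparent = "".join(c for c in ext if c.isascii() and c.isalnum()).lower()
    # A legacy .doc is an OLE2 file; only .docx is legitimately a ZIP.
    if apparent == "doc" and head.startswith(ZIP_MAGIC):
        reasons.append("named .doc but content is a ZIP archive")
    return reasons

# Constructed samples (not taken from the real campaign).
SAMPLES = [
    ("invoice.d\u200boc", ZIP_MAGIC + b"\x14\x00"),  # hidden character inside ".doc"
    ("invoice.doc", OLE2_MAGIC + b"\x00" * 8),       # genuine legacy .doc
    ("invoice.docx", ZIP_MAGIC + b"\x14\x00"),       # .docx really is a ZIP
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), check_attachment(name, head) or "ok")
```

Checking only the extension, rather than the whole name, avoids flagging ordinary accented file names such as Vietnamese ones.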

This infection works on any Mac computer; Microsoft Office doesn’t have to be installed for the nasty code to run.
While the unsuspecting user is puzzling over the strange document, the real malicious code has been copied and run on the Mac.
The code gets some machine data and sends it to the hackers while grabbing more nasty programs to run on the infected computer.

What can Mac users do?

Some Mac users believe they are immune to viruses, thinking that only Windows computers can be infected.
It’s true that Windows machines are targeted more, but that’s only because there are a lot more Windows computers around than Macs. Hackers target the most common platforms first.
Mac computers can be infected; it’s just less common. The good news is that a little common sense will protect most people from trouble.
The standard advice is not to open documents from unexpected or suspicious sources. That’s not always possible, but it’s a decent starting point.