The updated piece of malware can provide an attacker access to a compromised machine, allowing them to surveil and steal sensitive information, security analysts at Trend Micro detailed in a new report.
According to the report, the malware arrives bundled as a ZIP file that disguises itself as a Word document and is distributed via phishing emails. It’s currently able to avoid detection by anti-malware software through obfuscation techniques, such as using special characters in its app bundle name.
Once it’s on a machine, the malware launches a series of payloads that change access permissions and install a backdoor onto the system. That backdoor allows attackers to snoop and download user files, gain additional information about a computer, and upload other malicious software, Apple Insider reported.
Trend Micro believes the backdoor is tied to a hacking group called OceanLotus, or APT32, that’s thought to have links to the Vietnamese government. OceanLotus is known for targeting foreign organizations working in Vietnam, and it’s thought that their goal is cyber espionage to bolster Vietnamese-owned companies.
The backdoor itself contains a piece of malware with close similarities to past samples found by Trend Micro in 2018. The new samples is believed to be aimed at users in Vietnam, since its file name is in Vietnamese and the older samples targeted users in the country.
“Threat groups such as OceanLotus are actively updating malware variants in attempts to evade detection and improve persistence,” the researchers wrote.
Who is impacted, and how to protect yourself
Because the malware appears to be designed for targeted espionage in a specific geographical region, it’s unlikely that it poses much risk to the majority of macOS users.
Trend Micro still recommends that users avoid clicking links or downloading any attachments from email senders they don’t know or trust. Keeping your macOS device up-to-date with the latest security patches is also highly recommended, according to Apple Insider.
By Mike Peterson
