MS Office exploit that targets MacOS X seen in the wild – delivers “Mac Control” RAT

March 28, 2012

Source: AlienVault

From the article: “Continuing our research on Tibet attacks, we have found more Mac trojans and some interesting MS Office files that deliver them. The group behind these attacks is the same we have been tracking for a while:

– AlienVault Tibet related Research now used to target Tibetan non-governmental organizations

We believe this group is also the same as the group TrendMicro uncovered some days ago:

– Malicious Email Campaign Uses Current Socio-Political Events as Lure for Targeted Attack

The doc files seem to exploit MS09-027 and target Microsoft Office for Mac. This is one of the few times that we have seen a malicious Office file used to deliver malware on Mac OS X.

http://technet.microsoft.com/en-us/security/bulletin/MS09-027

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”
