Mac malware found in malformed Word documents - is China to blame?

Filed Under: Apple, Featured, Malware, OS X, Vulnerability

Our friends at F-Secure have blogged today about a boobytrapped Word document, that appears to be designed to infect computer systems running Mac OS X.

The malicious Word file, examined by the experts in SophosLabs, claims to be about the "6th International Uyghur Women's Seminar & 1st World Uyghur Women's Congress", run by the International Uyghur Human Rights & Democracy Foundation.

Boobytrapped Word file

Vulnerabilities, exploited in malformed Word documents, install malicious code onto the recipients' computer and a legitimate-seeming Word file with content relevant to the victim is displayed as a smoke screen.

It's clear that the attack is targeted against Uyghur Mac users, and we have seen similar attacks in the past.

Sophos products detect the malware as OSX/Agent-AADL and Troj/DocOSXDr-B.

The obvious question people are likely to ask is... are China to blame for this attack? After all, we have seen several attacks in the past which have targeted minority groups in the country.

There's no 100% proof connecting this attack with the-powers-that-be in Beijing, but you would be a brave man to bet against it.

All Mac users need to keep in mind that its important that all computers, regardless of operating system, are properly secured - and to be on their guard against attacks.

Whether it's likely that you aren't in China's good books or not, there are more and more cybercriminals investigating how they might infect the many Mac computers out there.

It is true that there is much less malware for OS X than there is for Windows, but that's not going to make you feel any better if you end up targeted in an attack like this.

Mac users, just like Windows users, need to ensure that they install the latest security patches and keep their software properly up-to-date.

If you're not already doing so, run anti-virus software on your Macs. If you're a home user, there really is no excuse at all as we offer a free anti-virus for Mac consumers.

, , , , ,

You might like

2 Responses to Mac malware found in malformed Word documents - is China to blame?

  1. Private · 854 days ago

    Does this only work if it is opened in MS Word for OSX?

  2. Scott · 853 days ago

    What I want to know is if completely patched/updated versions of MS office for OSX are also susceptible to this attack or if this attack in some way needs more user intervention then just opening up a MS word document, ie., .docx?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley