Mac malware found in malformed Word documents – is China to blame?

Our friends at F-Secure have blogged today about a boobytrapped Word document that appears to be designed to infect computer systems running Mac OS X.

The malicious Word file, examined by the experts in SophosLabs, claims to be about the “6th International Uyghur Women’s Seminar & 1st World Uyghur Women’s Congress”, run by the International Uyghur Human Rights & Democracy Foundation.

Boobytrapped Word file

Vulnerabilities exploited by malformed Word documents are used to install malicious code onto the recipient’s computer, while a legitimate-seeming Word file with content relevant to the victim is displayed as a smoke screen.

It’s clear that the attack is targeted against Uyghur Mac users, and we have seen similar attacks in the past.

Sophos products detect the malware as OSX/Agent-AADL and Troj/DocOSXDr-B.

The obvious question people are likely to ask is… is China to blame for this attack? After all, we have seen several attacks in the past which have targeted minority groups in the country.

There’s no 100% proof connecting this attack with the-powers-that-be in Beijing, but you would be a brave man to bet against it.

All Mac users need to keep in mind that it’s important that all computers, regardless of operating system, are properly secured – and to be on their guard against attacks.

Whether it’s likely that you aren’t in China’s good books or not, there are more and more cybercriminals investigating how they might infect the many Mac computers out there.

It is true that there is much less malware for OS X than there is for Windows, but that’s not going to make you feel any better if you end up targeted in an attack like this.

Mac users, just like Windows users, need to ensure that they install the latest security patches and keep their software properly up-to-date.

If you’re not already doing so, run anti-virus software on your Macs. If you’re a home user, there really is no excuse at all as we offer a free anti-virus for Mac consumers.