Researchers do not often find cross-platform malware. Being potent on every operating system platform is one of the ultimate goals of malware developers.
Researchers have found a new malicious Word document laced with cross-platform malware. This is a very good reason to be alarmed, since it can infect both Windows and OS X. Cyber criminals rarely target Mac OS due to its popularity. As of this writing, researchers have not determined how harmful this new type is.
Although it is highly unusual, this latest type of malware is causing alarm among security researchers all around the world. These Word documents need to have their macros enabled when the malware-laced file is opened, but there is still a high probability that a lot of damage can be done, because malware has been introduced via Word documents over the last few months. The problem will not go away anytime soon, since we need Word documents in our daily lives.
We have been reporting on these macro-laced Word files for quite some time now, and we have been warning people not to enable macros. This time, however, the malicious software can infect both Windows and Mac OS X computers. The attackers' intentions, targets and goals are so far unclear, as is the reason they target both Windows and Mac OS. It looks like a very elaborate plan that is yet to unfold.
Moreover, Mac OS users will not see the malicious file being downloaded in the background. This is made possible by the Python wrapper used to distribute this malware. Once the Python script is downloaded and executed by the computer user, it communicates with the assailant’s server to download the malware in question. The Python script appears to be a modified version of a Python Meterpreter file, which is a common method of attack among cyber criminals these days.
The Windows malware variant is a bit more sophisticated, by the look of things. Under the hood, there are several layers of code and encryption wrapped around one another. One researcher refers to this as a “Russian nesting doll”, which seems to be an accurate description. Unlike the Mac OS X version, the Windows variant downloads a 64-bit DLL file which communicates with the assailant’s server. This also hints that this new malware may only affect 64-bit versions of Windows, although that has not been officially confirmed.
By a stroke of luck, researchers have figured out some of its current inner workings, but these may change in future versions of the malware, and the distribution phase may be rolled out differently or evolve. There are no indicators of who is behind the new malware. For as long as macros can be run from Microsoft Office, this threat may not go away.
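Because the infection depends on macros being present and enabled, a mail gateway or analyst can check whether a Word file carries a VBA project before anyone opens it. The following triage check is an added example, not code from the researchers or the malware; the function names and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc compound-file header
MACRO_CONTENT_TYPES = (
    b"application/vnd.ms-office.vbaProject",
    b"application/vnd.ms-word.document.macroEnabled.main+xml",
)

def classify_office_file(data: bytes) -> str:
    """Return 'macro', 'clean', 'legacy-ole' or 'not-office' for raw file bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary format: macros live in OLE streams and need an OLE parser.
        return "legacy-ole"
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "not-office"
    with archive:
        names = archive.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"
        # Signal 1: a VBA project part exists, whatever the file extension claims.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "macro"
        # Signal 2: the content-type manifest declares macro-enabled parts.
        manifest = archive.read("[Content_Types].xml")
        if any(ct in manifest for ct in MACRO_CONTENT_TYPES):
            return "macro"
    return "clean"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for label in (False, True):
        print("macro part present:", label, "->", classify_office_file(build_sample(label)))
```

A `legacy-ole` result means the file is in the older binary format, where this check cannot tell whether macros are present, so such files should go to a tool that parses OLE streams.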
Mac OS was once believed to be unaffected by malware, but newer malware types have now been deliberately attacking it. This clearly shows that Mac OS is not safe from attacks. A piece of malware was found in February 2017, and it is unclear whether the same group is responsible for this new one. Cross-platform malware has begun to appear and is slowly becoming a trend we might be fighting off in the future.