LuckyCat Malware Threat Targets Macs through Word


Mac users are facing a new malware threat called LuckyCat, hot on the heels of Flashback. This new trojan targets a security flaw in Microsoft Word to spread its malware payload via Java exploits.

Macs facing a new malware threat

Costin Raiu from Kaspersky Lab said in a SecureList blog post that LuckyCat was difficult to track down at first. “One of the biggest mysteries is the infection vector of these attacks. Given the highly targeted nature of the attack, there are very few traces,” he said. “Nevertheless, we found an important detail which is the missing link: Six Microsoft Word documents, which we detect as Exploit.MSWord.CVE-2009-0563.a.”

He added that there is evidence suggesting the malware payload was delivered through Word documents.

So far, it looks like the payload LuckyCat leaves behind can be used to remotely access the contents of an infected Mac. Based on Kaspersky’s data, attackers haven’t automated the process of scanning users’ hard drives, so they have to manually review the contents. Once they do that, however, attackers can copy specific files from victims’ hard drives.

Details are still slim on LuckyCat, so malware detection tools aren’t much help yet. As researchers learn more, we’ll likely see security patches and removal tools for Mac users who have been infected.

[Some images courtesy Shutterstock.]

Comments

Lee Dronick

“Given the highly targeted nature of the attack, there are very few traces”

Hmmmm, targeted nature. It will be interesting to learn who they targeted.

geoduck

I’ve been watching the series Battle Castle.
Each week they talk about the design of a castle and what happened when an army attacks. Usually the walls were impenetrable, the foundation solid, the defenders were unwavering. However, there was usually a gate or a window, or a toilet that the attacking army used to sneak in and overwhelm the defenders. A vulnerability that rendered all of the spectacular stonework moot.

Microsoft Word: OS X’s toilet.

vpndev

Wait, guys. This vulnerability is from 2009 !! It affects Word 2004 and 2008, but not 2011. And has been patched by Microsoft.

So why is everyone making such a big deal of it? Am I missing something?

Lee Dronick

I wonder how many Word 2004 and 2008 users have not updated to patched versions.

geoduck

“This vulnerability is from 2009 !! It affects Word 2004 and 2008, but not 2011. And has been patched by Microsoft.”

Interesting. I hadn’t noticed that. Wonder if it’s just Kaspersky Labs trying to drum up business.

Lee Dronick

From what I read they targeted people involved in the movement to free Tibet.

http://arstechnica.com/apple/news/2012/04/researchers-uncover-new-espionage-malware-preying-on-mac-users.ars
