A month after the experts have discovered the first malicious MS Word document that can infect computers running macOS, experts have identified a. DOC file containing macros spreading malware to both Windows and macOS depending on a compromised system.
As reported by Securitylab, in early February, experts from Symantec and Synack revealed details about a fully working macro virus for macOS. To infect the Mac hackers use the following technique to send the victim a phishing email with an attached document containing the malicious macro code written in Python.
When the victim tries to open the document, a dialog box appears with a notification reminding you to activate macros in order to view its contents. If macros are enabled on the system running the payload, try to load additional software with attacker-controlled website.
Experts of the company like Fortinet have discovered a malicious Word document, also contained a macro with a Python script. At the initial stage of a macro determines what operating system is installed on the computer, and then loads two different versions of the script.
Regardless of the operating system both scripts showed the same behavior, using Metasploit modules to communicate with the managing server. As in the previous case, the researchers failed to install, what is the purpose loaded ON the computer.
At the moment, this is the first described case when the attackers are adopting the same macro scripts to attack different operating systems.
