“Researchers have found new malware, attributed to the Vietnam-based hacking group OceanLotus, that is designed to install a backdoor on targeted systems.”
A newly discovered strain of malware targets only macOS users, in a campaign tied to a nation-state-backed hacking group.
The campaign has been detailed by researchers at Trend Micro, who attribute it to OceanLotus, also known as APT32, a hacking group believed to have links to the Vietnamese government.
OceanLotus's known targets include foreign organizations operating in Vietnam, among them media, research and construction companies. While the motivation has not been established, the aim is thought to be espionage that benefits Vietnam-based companies.
The macOS backdoor gives the attackers a window into the compromised machine, enabling them to monitor it and steal confidential and sensitive business documents.
The researchers linked it to OceanLotus on the basis of similarities in the malware's code and behaviour with samples used in the group's past campaigns.
The attacks begin with phishing emails designed to persuade victims to run a zip file disguised as a Word document. The file evades anti-virus scanners by hiding special characters deep inside a combination of nested zip archives.
The attack could give itself away to an attentive user, because when the malicious file is run no Microsoft Word document opens.
By that point, however, an initial payload is already running on the machine. It changes file access permissions in order to load a second-stage payload, which in turn triggers the installation of a third-stage payload that downloads the backdoor onto the system. OceanLotus splits the installation into separate stages in order to avoid detection.
Like earlier versions of the malware, this one gathers system information and creates a backdoor that allows the attackers to monitor and download files, as well as upload additional malicious software to the system if required. It is also a concern that the malware is still under active development.
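The nested-archive and special-character trick described above suggests a simple check that a mail gateway or an analyst could run on zip attachments before anyone opens them. The following Python script is an added example, not code from Trend Micro's report or from the malware itself. It recurses into nested archives (with a depth cap), flags entry names that contain non-printable or format characters such as right-to-left overrides, flags entries whose document extension does not match their bytes (Mach-O executable or zip content behind a `.doc`), and flags macOS app-bundle executables. The sample archives it builds in memory, the Mach-O header bytes used as content, and the thresholds are constructed for illustration.

```python
"""Heuristic scanner for zip attachments (added example, not the report's code).

Flags: nested archives, deceptive entry names, and entries whose claimed
document type does not match their content. Thresholds and magic numbers are
generic assumptions, not indicators tied to any one sample.
"""
import io
import unicodedata
import zipfile

ZIP_MAGIC = b"PK\x03\x04"
# Mach-O magics: 32/64-bit in both byte orders, plus fat (universal) binaries
MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe")
DOC_EXTS = (".doc", ".xls", ".ppt", ".rtf", ".pdf")     # legacy formats: never zips
OOXML_EXTS = (".docx", ".xlsx", ".pptx")                # these ARE zips, so zip bytes are expected
MAX_DEPTH = 4                       # assumed cap so a zip bomb cannot exhaust the scanner
MAX_ENTRY_BYTES = 50 * 1024 * 1024  # assumed cap on what we are willing to read per entry


def name_flags(name):
    """Reasons a single entry name looks deceptive."""
    reasons = []
    # Cc = control chars, Cf = format chars (zero-width space, RTL override, ...)
    hidden = [c for c in name if unicodedata.category(c) in ("Cc", "Cf")]
    if hidden:
        reasons.append("non-printable or format char U+%04X in name" % ord(hidden[0]))
    if ".app/Contents/MacOS/" in name:
        reasons.append("macOS app bundle executable")
    return reasons


def content_flags(name, head):
    """Reasons the first bytes of an entry contradict its extension."""
    lower = name.lower()
    reasons = []
    if lower.endswith(DOC_EXTS + OOXML_EXTS) and head.startswith(MACHO_MAGICS):
        reasons.append("document extension but Mach-O content")
    if lower.endswith(DOC_EXTS) and head == ZIP_MAGIC:
        reasons.append("document extension but zip content")
    return reasons


def scan_zip(data, depth=0, prefix=""):
    """Return a list of (entry_path, reason) findings for a zip given as bytes."""
    findings = []
    if depth > MAX_DEPTH:
        findings.append((prefix, "archive nesting deeper than %d" % MAX_DEPTH))
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            for reason in name_flags(info.filename):
                findings.append((path, reason))
            if info.is_dir():
                continue
            if info.file_size > MAX_ENTRY_BYTES:
                findings.append((path, "entry too large to inspect"))
                continue
            body = zf.read(info)
            head = body[:4]
            for reason in content_flags(info.filename, head):
                findings.append((path, reason))
            # Recurse into nested archives, except OOXML documents, which are zips by design
            if head == ZIP_MAGIC and not info.filename.lower().endswith(OOXML_EXTS):
                findings.append((path, "nested archive at depth %d" % (depth + 1)))
                findings.extend(scan_zip(body, depth + 1, path + "/"))
    return findings


def build_suspicious_sample():
    """Constructed sample: zip-in-zip, inner entry named with an RTL override
    and a Mach-O header as content (a fake 'document')."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "benign text")
        z.writestr("quarterly\u202e.doc", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.zip", inner.getvalue())
    return outer.getvalue()


def build_clean_sample():
    """Constructed sample: a zip holding an ordinary .docx (itself a zip)."""
    docx = io.BytesIO()
    with zipfile.ZipFile(docx, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("memo.docx", docx.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reason in scan_zip(build_suspicious_sample()):
        print("%s: %s" % (path.encode("unicode_escape").decode(), reason))
```

The scanner deliberately looks at magic bytes rather than trusting extensions, caps recursion depth and per-entry size, and treats OOXML files as expected zips so ordinary Office attachments do not trip the nested-archive rule. On a real gateway these findings would feed a quarantine or analyst review step rather than an automatic verdict.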
“Threat groups like OceanLotus are continuously updating malware variants in attempts to avoid detection and increase persistence,” the researchers wrote.
To help avoid falling victim to this and other malware, users should be cautious about clicking untrusted links or downloading attachments from emails sent by suspicious or unknown sources.
It is also recommended that organizations apply security patches and other updates to software and operating systems so that malware cannot exploit known vulnerabilities that have already been fixed.