MacOS suffers its first-ever Word macro attack

Debate continues over whether Apple’s MacOS is inherently safer from malware than Windows or if Macs simply aren’t targeted as often because of their smaller share of the PC market. Regardless, the fact is that MacOS isn’t immune, and new vulnerabilities arise on occasion that Mac users should keep in mind.

One category of malware that has certainly affected Windows and not MacOS is the infamous Microsoft Word macro virus. That could be changing, as MacOS has now suffered its very first Word macro attack, as Ars Technica reports.

While Word macros can significantly enhance the application’s value, they’ve fallen out of favor over the years because of their tendency to be abused by malicious parties. Now, people who have used Word over the years probably think twice about clicking on the “enable macros” button that pops up when they open a document with embedded macros. MacOS users now also have good reason to hit the “disable macros” button instead unless they know for sure the document is from a safe source, or to discard the document entirely.

The malware in question comes via a Word document, “U.S. Allies and Rivals Digest Trump’s Victory — Carnegie Endowment for International Peace,” that, when opened, runs embedded Python code taken from the EmPyre open-source exploit framework. The code is capable of accessing webcams, grabbing passwords and encryption keys, and snooping into browser histories, and the infection it creates is persistent. Before running, it checks to make sure that the Little Snitch security firewall isn’t active.

As usual, the Word macro malware relies on the user clicking through the warning. Patrick Wardle, Director of Research at Synack, a security company, said in an analysis of the Word document, “By using macros in Word documents, they are exploiting the weakest link; humans! And moreover since macros are ‘legitimate’ functionality (vs. say a memory corruption vulnerability) the malware’s infection vector doesn’t have to worry about crashing the system nor being ‘patched’ out.”

Another piece of malware that researchers also describe as unsophisticated and “poorly written” was recently discovered separately from the Word macro. Other attacks have been identified in the past few years, demonstrating that malicious parties are starting to pay more attention to MacOS — enough so that Mac users should seriously consider installing some antivirus and antimalware software. It’s simply no longer true that it’s only Windows users who are vulnerable to attack.

Mark Coppock