Skip to main content

MacOS suffers its first-ever Word macro attack

Debate continues over whether Apple’s MacOS is inherently more safe from malware than Windows or if Macs simply aren’t targeted as often because of their smaller share of the PC market. Regardless, the fact is that MacOS isn’t immune, and new vulnerabilities arise on occasion that Mac users should keep in mind.

One category of malware that has certainly affected Windows and not MacOS is the infamous Microsoft Word macro virus. That could be changing, as MacOS has now suffered its very first Word macro attack, as Ars Technica reports.

Recommended Videos

While Word macros can significantly enhance the application’s value, they’ve fallen out of favor over the years because of their tendency to be abused by malicious parties. Now, people who have used Word over the years probably think twice about clicking on the “enable macros” button that pops up when they open a document with embedded macros. MacOS users now also have good reason to hit the “disable macros” button instead unless they know for sure it’s from a safe source — or to discard the document entirely.

The malware in question comes via a Word document, “U.S. Allies and Rivals Digest Trump’s Victory — Carnegie Endowment for International Peace,” that when opened runs embedded Python code that comes from the EmPyre open-source exploit framework. The code is capable of accessing webcams, grabbing passwords and encryption keys, and snooping into browser histories — and the infection it creates is persistent. Before running, it checks to make sure that the Littlesnitch security firewall isn’t active.

As usual, the Word macro malware relies on the user clicking through the warning. Patrick Wardle, Director of Research at Synack, a security company, said in an analysis of the Word document, “By using macros in Word documents, they are exploiting the weakest link; humans! And moreover since macros are ‘legitimate’ functionality (vs. say a memory corruption vulnerability) the malware’s infection vector doesn’t have to worry about crashing the system nor being ‘patched’ out.”

Another piece of malware that researchers also describe as unsophisticated and “poorly written” was recently discovered separately from the Word macro. Other attacks have been identified in the past few years, demonstrating that malicious parties are starting to pay more attention to MacOS — enough so that Mac users should seriously consider installing some antivirus and antimalware software. It’s simply no longer true that it’s only Windows users who are vulnerable to attack.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
WWDC may not deliver the macOS magic I’d love to see. Here’s why
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

Apple’s Worldwide Developers Conference (WWDC) is just two months away, and that means I’m starting to look forward to what could be coming to the Mac at Apple’s big summer show. The problem is that every time I think about WWDC 2025, I can’t shake one feeling: that Apple Intelligence is going to dominate everything at the event.To be fair, I don’t think Apple can do things any other way. As I’ve written about before, this year’s WWDC is make or break for Apple Intelligence. Apple has to not only make sure that its artificial intelligence (AI) platform catches up with rivals like ChatGPT and Google Gemini, but that it actually offers a service that can outdo its competitors in some ways. It needs to convince the public that Apple Intelligence is a worthy contender for their AI needs.And if Apple gets it right, then Apple Intelligence might finally become the system it was always meant to be, with a revamped Siri that possesses incredible contextual awareness and useful additions to key Mac apps that help you in your everyday life.But while I’m really hoping that Apple Intelligence gets the shake-up it so clearly needs, I don’t want the likes of macOS 16 and iOS 19 to miss out as a result. After all, these are the core aspects of Apple fans’ favorite devices. Without meaningful upgrades here, we’re all going to be a little worse off.

Déjà vu

Read more
The Oppo Find N5 put a Mac in my pocket, and Apple needs to take note.
An Oppo Find N5 is being used for remote access to a Mac.

It’s no secret that the biggest strength of Apple’s ecosystem is the seamless cross-device connectivity it offers. Yet, despite commanding the world’s biggest mobile-computing duopoly, Apple hasn’t offered two-way control for iPhones and Macs to remotely operate each other. It’s a shame, because given Apple’s security-first approach, it’s in the best spot to offer such a facility. 

The situation only changed last year, but only halfway through. With the arrival of iOS 18 and macOS Sequoia, Apple finally introduced iPhone Mirroring. However, there’s still no equivalent that allows you to access and control your Mac desktop on your iPhone. Or an iPad. Some third-party options have existed, though, but haven't really been stellar. 

Read more
Proton Drive has a new macOS app and it looks great
Proton Drive browser and app on monitor

As well as email and VPN services, Swiss company Proton also offers cloud storage. Think Google Drive, but end-to-end encrypted. The macOS app for Proton Drive has been around since 2023 but today, a 2.0 version has been released, rebuilding the app from the ground up.

The app lives in your desktop menu bar, allowing you to access files and open up your Drive in browser with just a few clicks. The dropdown box also shows you the status and activity on your most recent files, so you can see when changes are syncing and when things go wrong. Upload and download speeds are also improved compared to the old app, giving users up to double the speed.

Read more