Kaspersky Lab and AlienVault have released a new analysis that outlines a recent increase in targeted attacks against Uyghur groups in China, where an apparently ongoing, politically motivated campaign is using old vulnerabilities in Microsoft Word to infect their systems with malware.
The campaign targets unpatched installations of Microsoft Word 2004 and 2008 for OS X, where a maliciously crafted document can exploit an old, long-since-patched vulnerability to execute code and install backdoor software without the user's consent. The malware in this case installs a common remote-access shell called "TinySHell," which is not itself intended as malware; because it runs unobtrusively in the background, however, the malware developers have taken advantage of its ability to stay relatively hidden.
This attack is similar to one previously found targeting these same ethnic groups; as before, the Word documents are being sent as booby-trapped e-mail attachments to these groups.
While this form of attack is nothing new, it appears to be a renewed effort to try stealing information from these groups. Therefore, for anyone who feels they or someone they know may be at risk of receiving one of these malicious e-mails, Kaspersky has some recommendations:
- Use Gmail for its two-step authentication features, which help prevent criminals from masquerading as a familiar sender.
- Update all software (especially Word) that you have on your computer.
- Consider using an anti-malware suite and have it actively scan incoming e-mail.
- Use Chrome or other browsers that include fraud-detection features.
- Confirm with the sender the validity of any attachments or links they've sent before you open them.
In addition to these recommendations, an outbound firewall tool like Little Snitch should help detect, and by default block, any unwanted communications to remote servers. If you would like to monitor and stay in control of your system's outgoing connections, this is one way to do it.
Given that this malware is aimed at a specific ethnic group and uses very old security vulnerabilities that were patched years ago, these attacks are considered a very low threat to most Mac users, especially if you simply keep your software updated. Still, it never hurts to stay aware of these kinds of attacks, just in case.