Technology

MacOS backdoor appears to be update of tool previously used by Vietnam-linked group

Researchers at Trend Micro say a newly discovered MacOS backdoor uses tactics previously associated with the group known as APT32 or OceanLotus.

By Joe Warminsky

November 30, 2020

(LibreShot / Martin Vorel)

The hacking group known as APT32 or OceanLotus appears to have a new version of a tool used to infiltrate MacOS computers, according to researchers with cybersecurity company Trend Micro.

The malicious software arrives as a .zip file that tries to disguise itself with a Microsoft Word icon, and it is engineered to evade detection by antivirus software, Trend Micro says. Once activated, the malware serves as a backdoor for other payloads that can exfiltrate data from an infected machine.

It’s the latest sign of expanded or upgraded tactics from APT32, which is known for espionage campaigns that target Southeast Asia. Recent discoveries attributed to the group include efforts to use imitation news sites to spy on users and sometimes infect their machines with malware, and using the Google Play Store to distribute apps surreptitiously loaded with spyware.

In this case, the MacOS backdoor appears to aimed at computers in Vietnam itself.

“The attackers behind this sample are suspected to target users from Vietnam since the document’s name is in Vietnamese and the older samples targeted the same region before,” write researchers Luis Magisa and Steven Du.

The filename cited by Trend Micro includes the phrase “ALL tim nha Chi Ngoc Canada.” In Vietnamese, “tìm nhà Chị Ngọc” roughly translates to “find Mrs. Ngoc’s house,” the report notes.

Once activated, the backdoor inserts a second-stage payload that clears the way for yet another piece of malware that has close similarities to a sample previously cited by Trend Micro in 2018. The malware can upload files to a command and control server and can download and execute more files, the researchers report.

Malware for Apple’s MacOS for laptops and desktop computers generally receives less attention than malicious software aimed at operating systems with larger global footprints, such as Microsoft’s Windows, Apple’s mobile iOS or the Android system. But malicious hackers do develop ways to break into Macs, and most major antivirus companies make scanning tools for the operating system.

MacOS backdoor appears to be update of tool previously used by Vietnam-linked group

More Like This

House hurtles toward showdown over expiring surveillance tools

Civil society groups press platforms to step up election integrity work

Decade-old malware haunts Ukrainian police

Top Stories

FISA reauthorization heads to Biden’s desk after Senate passage

FBI director warns of China’s preparations for disruptive infrastructure attacks

Proposed data broker regulations draw industry pushback on anonymized data exceptions, bulk thresholds

More Scoops

Hackers have been exploiting ‘dangerous’ MacOS bug to run malware campaign

Vietnamese hackers spent years harassing human rights activists with spyware

Cryptocurrency miners were ‘distraction technique’ in APT’s espionage campaigns, Microsoft says

Vietnamese hacking group OceanLotus uses imitation news sites to spread malware

Pwn2Own hackers go remote, then crack macOS and Oracle machines anyway

Chinese-linked hacking group using Windows backdoors to go after gambling industry targets

North Korea is using front companies to steal cryptocurrency

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics