Microsoft Office Vulnerability Brings Another Trojan To Mac

Microsoft Office for Mac

With the Flashback trojan not a serious threat, thanks to Apple’s new removal tool, it is time to pay attention to another threat. A vulnerability in Microsoft Office is allowing the “Backdoor.OSX.SabPub.a” trojan to infect systems running Mac OS X and use a Java exploit to avoid detection from anti-malware products.

Once on your system, this trojan can feed back screenshots of your system and execute commands.

Kaspersky’s Costin Raiu has said the trojan is already a month old. It connects to a remote server based in California to receive its instructions. It uses a Java exploit by the name of “” in an effort to avoid detection from anti-malware products.

At the moment, it is unclear how exactly this trojan is infecting Macs. However, Raiu has said that some reports suggests that the trojan is spread via emails that include links to the malware, in addition to infected Office documents. He also stated that the trojan is in its “active stage,” and confirmed that it was able to take control of a “goat” machine operating by Kaspersky before searching for documents.

Raiu believes that the exploit may be part of the same Pro-Tibetan campaign that spawned malware like “LuckyCat,” which also used infected documents to control machines:

The timing of the discovery of this backdoor is interesting because in March, several reports pointed to Pro-Tibetan targeted attacks against Mac OS X users. The malware does not appear to be similar to the one used in these attacks, though it is possible that it was part of the same or other similar campaigns.

Kaspersky has promised that it will continue its research into this malware and has recommended that Mac users take the usual precautions to ensure that their machine is safe. That includes keeping your machine and its software up to date, not installing software you did not specifically download, and using a good security solution.

Source: Cult Of Mac

Leave a Reply

Your email address will not be published.