Dridex banking malware modified to spread using macOS
A variant of the Dridex banking malware is using macOS to spread to others, by using email attachments that look like regular documents.
Dridex targets Macs
Security researchers at Trend Micro said on Thursday that the malware previously targeted Windows, but now the cybercriminals have changed their strategy to go after macOS.
The Dridex malware sample Trend Micro analyzed takes the form of a Mach-O file, an executable file that can run on macOS and iOS. File extensions they use include .o, .dylib, and .bundle.
The Mach-O file contains a malicious document that runs automatically once a user opens it. It then overwrites all Microsoft Word files in the macOS user directory and contacts a remote server to download more files, including a Windows executable file (.exe) that runs the Dridex malware.
Content of the executable file dropped by the malware. Source: Trend Micro
These executables can't run on macOS. But, if a user's Word files are overwritten with malicious versions, Mac users could unwittingly infect others when they share the files online.
For now, Mac users are safe from the Dridex malware. Trend Micro says it's possible that attackers could modify it to run on macOS in the future.
For instance, your credit card company won't send you a receipt from a Gmail account.
Apple includes security tools such as Gatekeeper and the XProtect antivirus software that are built into macOS. Users can also choose to download antivirus software from a third-party company.
An online tool called VirusTotal can scan URLs and files that people upload and detect if it contains malware. For example, if an email has a Microsoft Word document or a Mach-O file as an attachment, it may be a good idea to scan it with the website.
AppleInsider will be covering the 2023 Consumer Electronics Show in person on January 2 through January 8 where we're expecting Wi-Fi 6e devices, HomeKit, Apple accessories, 8K monitors and more. Keep up with our coverage by downloading the AppleInsider app, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos throughout the event.
Read on AppleInsider
Dridex targets Macs
Security researchers at Trend Micro said on Thursday that the malware previously targeted Windows, but now the cybercriminals have changed their strategy to go after macOS.
The Dridex malware sample Trend Micro analyzed takes the form of a Mach-O file, an executable file that can run on macOS and iOS. File extensions they use include .o, .dylib, and .bundle.
The Mach-O file contains a malicious document that runs automatically once a user opens it. It then overwrites all Microsoft Word files in the macOS user directory and contacts a remote server to download more files, including a Windows executable file (.exe) that runs the Dridex malware.
Content of the executable file dropped by the malware. Source: Trend Micro
These executables can't run on macOS. But, if a user's Word files are overwritten with malicious versions, Mac users could unwittingly infect others when they share the files online.
For now, Mac users are safe from the Dridex malware. Trend Micro says it's possible that attackers could modify it to run on macOS in the future.
How to stay safe
First and foremost, with Dridex, the best way to protect yourself is to not open attachments where the provenance is unclear. Check who the sender is, not just by the displayed name of the sender, but also the email address.For instance, your credit card company won't send you a receipt from a Gmail account.
Apple includes security tools such as Gatekeeper and the XProtect antivirus software that are built into macOS. Users can also choose to download antivirus software from a third-party company.
An online tool called VirusTotal can scan URLs and files that people upload and detect if it contains malware. For example, if an email has a Microsoft Word document or a Mach-O file as an attachment, it may be a good idea to scan it with the website.
AppleInsider will be covering the 2023 Consumer Electronics Show in person on January 2 through January 8 where we're expecting Wi-Fi 6e devices, HomeKit, Apple accessories, 8K monitors and more. Keep up with our coverage by downloading the AppleInsider app, and follow us on YouTube, Twitter @appleinsider and Facebook for live, late-breaking coverage. You can also check out our official Instagram account for exclusive photos throughout the event.
Read on AppleInsider
Comments
Nothing, no Windows or Microsoft word users among friends everyone has moved on to iPhones, iPads, and Macs, at work speaking for myself, the only items that I would ever send home was an occasional pdf, but on my own time, I just didn’t waste anytime with anything from Microsoft other than a Excel document which was once in a blue moon. There are many word/graphic programs available to choose from which are more powerful and better in the UI/layout department.
Microsoft Word and Excel have always had trouble over the years (malware), probably access to all those pirated Windows programs around the world.
Pages, Keynote, Omni Outliner, Quark, In Design, and Notability work very well, recent edition, Affinity Publisher.
When I was in school, I used a page layout program (Quark, and InDesign) to create documents and when other people (teacher/classmates) saw them. They asked me what did I use and I when I told them, they looked at me and said oh! They were hoping that I was using Microsoft Word.
A iPad/Mac, Notability, OmniOutliner, and Pages make creating documents a breeze. The kids in school don’t realize how good they have it in comparison to the so-called good old days, the tools available today are just so much better if they are used.
So excuse me if I’m very skeptical of your claim.