Microsoft Office Vulnerability Brings Another Trojan To The Mac

Microsoft Office Vulnerability Brings Another Trojan To The Mac

Just another reason why you should avoid installing Microsoft software on your Mac.

With the Flashback trojan now threatened by extinction thanks to Apple’s new removal tool, it’s time to turn our attention to another threat. A vulnerability in Microsoft Office is allowing the “Backdoor.OSX.SabPub.a” trojan to infect systems running Mac OS X and use a Java exploit to avoid detection from anti-malware products

Once on your system, the trojan can feed back screenshots of your system and execute commands.

Kaspersky’s Costin Raiu says the trojan is already a month old, and it connects to a remote server based in California to receive its instructions. It uses a Java exploit by the name of “Exploit.Java.CVE-2012-0507.bf” in an effort to avoid detection from anti-malware products.

While it’s currently unclear how exactly this trojan is infecting Macs, Raiu says that some reports suggest the trojan is spread via emails that include links to the malware, in addition to infected Office documents. He also states that the trojan is in its “active stage,” and confirmed that it was able to take control of a “goat” machine operating by Kaspersky before searching for documents.

Raiu believes the exploit may be part of the same Pro-Tibetan campaign that spawned malware like “LuckyCat,” which also used infected documents to control machines:

The timing of the discovery of this backdoor is interesting because in March, several reports pointed to Pro-Tibetan targeted attacks against Mac OS X users. The malware does not appear to be similar to the one used in these attacks, though it is possible that it was part of the same or other similar campaigns.

Kaspersky promises that it will continue its research into this malware and recommends that Mac users take the usual precautions to ensure that their machine is safe. That includes keeping your machine and its software up to date, not installing software you didn’t specifically download, and using a good security solution.

  • Matthew Gonzales Landry

    Good thing Office is too expensive for me to care about anyways.

  • Jairo Gomez

    wtf Im installing microsoft office as i type because I need it for certain assignments.
    this is bull, these hackers need to get a life

  • nicknormal

    If the software in question has a loophole but ultimately the Operating System X allows this loophole to take screenshots and allow remote access (read: “execute”), how is that Microsoft’s fault – that is absolutely the OS X’s fault.

About the author

Killian BellKillian Bell is a staff writer based in the U.K. He has an interest in all things tech and also covers Android over at CultofAndroid.com. You can follow him on Twitter via @killianbell.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News, Top stories | Tagged: , , , , , , , |