The overall perception about Apple devices is that they are protected from malware attacks, which isn't true considering the recent surge in attacks targeting iPhones and macOS.

A case in point: IT security researchers at Trend Micro have discovered a new malware which they believe is associated with OceanLotus, also known as SeaLotus, Cobalt Kitty, APT 32 and APT-C-00. The infamous OceanLotus group is well known for targeting research institutes, maritime construction firms, media outlets and even human rights organizations.

First detected as OSX_OCEANLOTUS.D by Trend Micro researchers, the malware targets Mac devices that have the Perl programming language installed and is delivered through phishing emails with a Microsoft Word document attached.

After analyzing the document, the researchers noted that its content invites users to register for an event organized by HDMC, a Vietnamese organization that promotes democracy.

The document contains nefarious macros. The email urges victims to enable macros in order to read it; once that's done, the obfuscated macros extract a .XML file from the Word document which is actually an executable and acts as the dropper for the backdoor, the final payload.
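The trick described above, a payload whose file extension says ".xml" but whose bytes are a native executable, is something a mail gateway or triage script can check for without running any macro. The following is an added example written for this article, not code from Trend Micro or from the malware: it opens a Word attachment, flags the presence of a VBA project, and reports any embedded member (or, for a non-zip legacy .doc blob, any byte offset) that starts with a Mach-O magic number, regardless of the extension the member claims. The sample documents it scans are constructed inline; the member name "word/payload.xml" is a placeholder and not the name used in the real campaign.

```python
"""Triage a Word attachment for macros and for disguised Mach-O payloads.

Added example (not Trend Micro's or the malware's code). Assumptions:
- OOXML documents (.docx/.docm) are zip containers; a VBA project lives in
  a member named vbaProject.bin.
- A legacy .doc (OLE2) is treated as an opaque blob and scanned byte-wise.
"""
import io
import zipfile

# Mach-O magic numbers as they appear at offset 0, both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC   (32-bit)
    b"\xce\xfa\xed\xfe",  # MH_CIGAM   (32-bit, byte-swapped)
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC (universal binary; also Java .class, so
                          # treat a hit as a lead to confirm, not a verdict)
}


def looks_like_macho(data: bytes) -> bool:
    """True if the buffer begins with a Mach-O or fat-binary magic."""
    return data[:4] in MACHO_MAGICS


def scan_word_attachment(blob: bytes) -> dict:
    """Return findings: container type, VBA presence, disguised executables."""
    findings = {"container": "unknown", "has_vba_project": False,
                "embedded_executables": []}
    stream = io.BytesIO(blob)
    if zipfile.is_zipfile(stream):
        findings["container"] = "ooxml"
        with zipfile.ZipFile(stream) as zf:
            for name in zf.namelist():
                if name.lower().endswith("vbaproject.bin"):
                    findings["has_vba_project"] = True
                # Judge each member by its bytes, never by its extension.
                if looks_like_macho(zf.read(name)):
                    findings["embedded_executables"].append(name)
    else:
        # Legacy .doc or anything else: look for magic anywhere in the blob.
        findings["container"] = "binary"
        for magic in MACHO_MAGICS:
            start = 0
            while (off := blob.find(magic, start)) != -1:
                findings["embedded_executables"].append(f"offset:{off}")
                start = off + 1
        findings["embedded_executables"].sort()
    return findings


def is_suspicious(findings: dict) -> bool:
    """Policy: a macro project or a hidden native binary is enough to hold the mail."""
    return findings["has_vba_project"] or bool(findings["embedded_executables"])


def build_sample_docm() -> bytes:
    """Constructed sample: a macro-enabled document hiding a 64-bit Mach-O as .xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 32)
        zf.writestr("word/payload.xml", b"\xcf\xfa\xed\xfe" + b"\x00" * 64)
    return buf.getvalue()


def build_benign_docx() -> bytes:
    """Constructed sample: a plain document with no macros and no binaries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document><w:body/></w:document>")
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("docm", build_sample_docm()), ("docx", build_benign_docx())):
        result = scan_word_attachment(doc)
        print(label, "suspicious" if is_suspicious(result) else "clean", result)
```

The scanner deliberately ignores file names and extensions when classifying content; that is the property the dropper relies on defenders not having. A hit on FAT_MAGIC alone should be confirmed (the next four bytes of a real universal binary are a small big-endian architecture count), since the same four bytes open a Java class file.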

Moreover, all strings within the dropper, including the backdoor itself, are encrypted using a hardcoded RSA256 key.

The dropper checks whether it is running as root and, based on that, selects where it needs to be installed.

The backdoor depends on two functions, infoClient and runHandle. The runHandle function is responsible for the backdoor capabilities, whereas infoClient collects platform info and sends it to the C&C server.

"Malicious attacks targeting Mac devices aren't as common as its counterparts, however the discovery of this new macOS backdoor that is presumably distributed via phishing email calls for every user to adopt best practices for phishing attacks regardless of OS," wrote Trend Micro.

Although it is unclear how many victims this new malware has found or whether it has spread outside Vietnam, macOS users should remain vigilant and refrain from downloading files or clicking links from unknown emails.

Finally, use anti-malware software, scan your device daily and keep its OS updated.

Olé Crypto,
