{"id":1633,"date":"2017-04-07T11:47:51","date_gmt":"2017-04-07T11:47:51","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=1633"},"modified":"2020-08-18T23:12:27","modified_gmt":"2020-08-18T17:42:27","slug":"new-macro-based-malware-attacks-windows-and-macos-systems","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/","title":{"rendered":"New Macro-Based Malware Attacks Windows and MacOS systems"},"content":{"rendered":"<p>A new form of Microsoft Word macro-based malware has been discovered by cyber security researchers. This malware can affect both Windows and MacOS systems but uses a different method of attack for each operating system.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3067\" src=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/Macro-malware.jpg\" alt=\"Macro malware\" width=\"650\" height=\"300\" srcset=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/Macro-malware.jpg 650w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/Macro-malware-300x138.jpg 300w, https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/Macro-malware-225x104.jpg 225w\" sizes=\"auto, (max-width: 650px) 100vw, 650px\" \/><\/p>\n<p>The malicious macro is built on VBA (Visual Basic for Applications) code and contains instructions to execute automatically when the file is opened. This VBA code is based on the existing Metasploit framework, and the cyber criminals seem to have modified it so that it first detects the operating system and then executes the attack.<\/p>\n<p>Because macros can contain malicious code, many enterprises and users disable them for security reasons. 
In this attack, the malicious MS Word file contains an image that states &#8220;This document is protected&#8221; along with a note that online preview is not available for protected documents. It then instructs the user to click &#8220;Enable Editing&#8221; and &#8220;Enable Content&#8221; in the yellow Security Warning bar. The content looks convincing enough to dupe ordinary users into enabling macros.<\/p>\n<p>Once macros have been enabled, the auto-open function is triggered and the malicious code executes. The VBA code reads and decodes the base64-encoded comments value of the Word file. After detecting the type of OS \u2013 Windows or MacOS \u2013 the code takes different routes.<\/p>\n<p><strong>The Attack in Windows<\/strong><\/p>\n<p>In Windows, the code launches powershell.exe in hidden form and the base64-encoded code gets executed. This script decompresses zipped code in order to obtain, decompress and execute further PowerShell code. That code then downloads a 64-bit DLL file from a server, and this DLL is able to communicate with that server.<\/p>\n<p><strong>The Attack in MacOS<\/strong><\/p>\n<p>As Python is pre-installed on MacOS, this attack executes a base64-decoded Python script, which downloads another Python script from a suspicious location. This script is part of the Metasploit framework and is a customized Python meterpreter file. Executing the script connects to the attacker&#8217;s server.<\/p>\n<p>The above exploit relies on duping users into allowing macros to run in the MS Word application. A robust <a href=\"https:\/\/antivirus.comodo.com\/free-antivirus.php\" target=\"_blank\" rel=\"noopener\">malware prevention program<\/a> that relies on a default-deny approach, real-time process monitoring, and <a href=\"https:\/\/valkyrie.comodo.com\/\" rel=\"noopener\" target=\"_blank\">behavioral analysis<\/a> would be the right defense against such exploits. 
As this exploit may be successful against Mac systems, users must install effective <a href=\"https:\/\/antivirus.comodo.com\/free-mac-antivirus.php\" target=\"_blank\" rel=\"noopener\">Mac security software<\/a> that monitors all processes in real time for suspicious behavior.<\/p>\n<p><strong>Related Resources:<\/strong><\/p>\n<p><strong><a href=\"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/five-best-virus-and-malware-removal-tools\/\" target=\"blank\">https:\/\/antivirus.comodo.com\/blog\/computer-safety\/five-best-virus-and-malware-removal-tools\/<\/a><\/strong><\/p>\n<p><strong><a 
href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/best-antivirus-for-mac-2018\/\" target=\"blank\" rel=\"noopener\">Best Antivirus for Mac<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new form of Microsoft Word macro-based malware has been discovered by cyber security researchers. This malware can affect both Windows and MacOS systems but follows different methods of attack for each operating system. &nbsp; The malicious macro is built-up on VBA (Visual Basic for Applications) code and contains instructions to automatically execute when the [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":1682,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[49,95],"class_list":["post-1633","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-computer-safety","tag-mac-antivirus","tag-mac-security-software"],
"yoast_head_json":{"title":"New Macro-Based Malware Attacks Windows and MacOS systems","description":"Cybersecurity researchers discovered a new form of Microsoft Word macro-based malware which follows different methods to attack both Windows and Mac OS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/","og_locale":"en_US","og_type":"article","og_title":"New Macro-Based Malware Attacks Windows and MacOS systems","og_description":"Cybersecurity researchers discovered a new form of Microsoft Word macro-based malware which follows different methods to attack both Windows and Mac OS.","og_url":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2017-04-07T11:47:51+00:00","article_modified_time":"2020-08-18T17:42:27+00:00","og_image":[{"width":225,"height":170,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/RF-10639_thb_3.jpg","type":"image\/jpeg"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/","url":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/","name":"New Macro-Based Malware Attacks Windows and MacOS systems","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/RF-10639_thb_3.jpg","datePublished":"2017-04-07T11:47:51+00:00","dateModified":"2020-08-18T17:42:27+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"Cybersecurity researchers discovered a new form of Microsoft Word macro-based malware which follows different methods to attack both Windows and Mac 
OS.","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/RF-10639_thb_3.jpg","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/04\/RF-10639_thb_3.jpg","width":225,"height":170,"caption":"Mac Antivirus"},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/new-macro-based-malware-attacks-windows-and-macos-systems\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"New Macro-Based Malware Attacks Windows and MacOS systems"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software 
Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=1633"}],"version-history":[{"count":26,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1633\/revisions"}],"predecessor-version":[{"id":15012,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/1633\/revisions\/15012"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/1682"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=1633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antiv
irus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=1633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=1633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}