14 DAY TRIAL // Security company FortiGuard Labs warns that a malicious Microsoft Word document is being used these days to compromise both Windows and macOS systems using the macro feature that makes it possible to download malware on target systems.
The macro feature integrated into Microsoft’s Office productivity suite has already been used by cybercriminals to infect systems and it looks like this new wave of attacks is based on a similar approach, relying on VBA (Visual basic for Applications) code to deploy malware.
What’s important to note, however, is that this Word document is being used to attack both Windows and macOS, and the researchers observed that, depending on the OS type, the script is trying to take a different route to make sure that it successfully compromises the system.
Already blocked by some antivirus solutions
FortiGuard says that once the python script in the macro is executed, the file attempts to download a file from a link we’re not going to mention here and execute it on the local machine.
The script tries to connect to the host on port 443, but at the time of the research, the server was down and not answering client requests. This doesn’t necessarily mean that systems cannot be compromised, as the python process remains active on the system, retrying connections in the background until an answer is offered.
The easiest way to remain secure against this new wave of attacks is to avoid Word documents coming from sources that you don’t trust. Additionally, if you do open these documents, make sure that you’re not running the macro inside as it can initiate the whole process that in the end compromises your system.
Antivirus solutions are already being updated to detect the malicious documents, and FortiGurd says its antivirus flags the files as WM/Agent.7F67!tr, so make sure you’re running fully up-to-date security software, especially if you’re working with Office documents from sources you don’t necessarily trust.