New Cross-platform Malware Attacks Both Windows and Mac OS X Computers

windows macIt does not happen all that often when researchers find a cross-platform malware. A new malicious Word document is a cause of great concern, though, as it can infect both Mac OS X and Windows computers alike. A very unusual development, since criminals very a rarely target the Macintosh platform due to its lesser popularity. It is unclear how harmful this new type of malware might be, though. A Cross-Platform Malware Strain is Unusual This latest type of malware has security researchers concerned all over the world. Even though it requires victims to manually enable macros while opening the file in

windows mac

It does not happen all that often when researchers find a cross-platform malware. A new malicious Word document is a cause of great concern, though, as it can infect both Mac OS X and Windows computers alike. A very unusual development, since criminals very a rarely target the Macintosh platform due to its lesser popularity. It is unclear how harmful this new type of malware might be, though.

A Cross-Platform Malware Strain is Unusual

This latest type of malware has security researchers concerned all over the world. Even though it requires victims to manually enable macros while opening the file in question, it seems plausible to assume a lot of damage can be done. Criminals have flocked to infecting Word documents with malware over the past few months, and it appears this trend will not go away anytime soon.

Once a recipient opens the Word file in question and has macros enabled, the malware code is executed on the computer. Since this malicious software can infect both Windows and Mac OS X machines, it goes to show that criminals have quite an elaborate plan. Macintosh users are often safe from these types of attacks, since the Mac OS market share is nearly negligible. That being said, it was only a matter of time until this platform would come under scrutiny from cyber criminals.

Moreover, Mac OS users will not see the malicious file being downloaded in the background. This is made possible thanks to the Python wrapper used to distribute this malware. Once the Python script is downloaded and executed by the computer user, it will communicate with the assailant’s server to download the malware in question. The Python script in question appears to be a modded version of a Python meterpreter file, which is a common method of attack among cyber criminals these days.

The Windows malware variant is a bit more sophisticated, by the look of things. Under the hood, there are several layers of code and encryption wrapped around one another. One researcher refers to this as a “Russian nesting doll”, which seems to be an accurate description. Unlike the Mac OS X version, the Windows variant downloads a 64-bit DLL file which communicates with the assailant’s server. This also hints at how this new malware man only affected 64-bit versions of Windows, albeit that has not been officially confirmed.

Luckily, it appears researchers have figured out how this malware spreads. Or to be more precise, they feel they figured out this process used currently, although it remains unclear how this distribution phase may evolve in the future. Moreover, there is no indication as to who may be behind this new malware. It goes to show there is a bright future ahead for Microsoft Office macro-based malware, although that does not bode well for computer users.

What is especially worrisome is how more and more malware types are deliberately attacking Mac OS users as of late. Until a few months ago, such a threat seemed nearly inconceivable. However, this goes to show the Macintosh operating system is not safe from harm by any means. In February of 2017, researchers came across another malware type affecting Mac OS systems. It is unclear if the same group is behind this new malware, though. Cross-platform malware attacks are slowly becoming a trend, that much is certain.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

Windows Zero-day Exploit Allows Hackers to Take Over any Installed Application

TheMerkle Windows Zero-dayWhen computer operating systems start to turn on their users, things are not looking good by any means. A new zero-day attack that affects the Windows operating system will turn installed antivirus solutions into a legitimate malware threat. Antivirus vendors are not too concerned about this situation right now, even though it is still a troublesome development. Compromising Antivirus Solutions is The Latest Hacker Trick The DoubleAgent attack is a new zero-day attack vector targeting Windows operating system users all over the world. It appears DoubleAgent takes advantage of a legitimate Windows tool, which makes the whole ordeal quite worrisome.

TheMerkle Windows Zero-day

When computer operating systems start to turn on their users, things are not looking good by any means. A new zero-day attack that affects the Windows operating system will turn installed antivirus solutions into a legitimate malware threat. Antivirus vendors are not too concerned about this situation right now, even though it is still a troublesome development.

Compromising Antivirus Solutions is The Latest Hacker Trick

The DoubleAgent attack is a new zero-day attack vector targeting Windows operating system users all over the world. It appears DoubleAgent takes advantage of a legitimate Windows tool, which makes the whole ordeal quite worrisome. Cyber criminals can take advantage of the Microsoft Application Verifier tool and turn installed antivirus solutions into a malware threat.

To be more specific, DoubleAgent takes advantage of an undocumented feature in the Microsoft Application Verifier. It appears this feature has been around ever since Windows XP came around. This feature allows developers to conduct runtime verification of their applications so they can address software issues. This same “tool” is now used to replace the legitimate verifier with a rogue version that gives assailants complete control over the application.

So far, it appears no vendor is safe from this zero-day exploit. Popular and lesser-known vendors are all vulnerable to criminals taking advantage of the Microsoft Application Verifier. To be more specific, the exploit gives assailants a relatively easy option to snoop on computer user activity, stealing data from the system, and even spreading to their devices connected to the same network.

Moreover, the assailants would be able to control the installed antivirus solution without being detected. To the end user, it will appear the antivirus program is operating just fine, even though that is not the case. This issue is not exactly new either, as all affected vendors were notified about this problem over three months ago. For some reason, very few vendors issued a patch to address this problem, which means computers around the world are still vulnerable to this attack.

Although it appears this thread mostly pertains to hijacking antivirus solutions right now, there is no limit as to what criminals can do. In fact, they can use this exploit to gain control over any other application installed on the computer. All an assailant has to do is execute the exploit with the requested application name and the attack will occur automatically. This leaves computers wide open to many different types of hijacking, that much is certain.

Antivirus vendors are not overly concerned about this zero-day exploit right now, though.  In fact, doing real harm would require assailants to write directly to the Windows registry, which can only be done by someone with Administrator privileges. It is not unlikely an attacker could obtain these credentials, even though it somewhat reduces the threat level. That being said, this exploit should not be overlooked by any means, as it still puts Windows users at risk.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.