“Here’s how the malware works. According to Objective-See, the blog where Synack security researcher Patrick Wardle analyzes macOS malware,” Marshall Honorof reports for Tom’s Guide. “Mac users get an email. It includes a Word document called ‘U.S. Allies and Rivals Digest Trump’s Victory — Carnegie Endowment for International Peace.’ But when you click on it, it’s not about Trump.”
“The Word document tells users that it contains macros and that you’ve got to activate them. But the macros don’t do anything in Word; they open up a binary file instead,” Honorof reports. “This launches a function called Fisher, which runs a Python code to download a payload from a site called ‘SecurityChecking.’ But the cybercriminals don’t have an active payload up and running right now, so it’s impossible to tell what kind of malware it might be.”
“If you see a Word file with Donald Trump’s name in it — especially from an email address you don’t know — just ignore it,” Honorof reports. “If you download an Office file and it asks you for permission to run macros, just ignore it, unless you know what the macros do.”
Read more in the full article here.
MacDailyNews Take: Don’t trust email messages, especially those with attachments, from people or entities you do not know. Certainly, don’t run Word macros from them!