The Word files seem to exploit an existing vulnerability and target Microsoft Office for Mac. “This is one of the few times that we have seen a malicious Office file used to deliver malware on Mac OS X”, AlienVault Labs noted in a blog.
“A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights”, the blog explained.
The command and control domain for the malware is located in Beijing province on China Unicom’s network, according to the blog.
AlienVault Labs had earlier found that the same group was behind recent spear phishing attacks on the Central Tibetan Administration and other Tibetan groups, as well as the Nitro attacks targeting chemical and defense firms last year.