Another Java trojan for Mac discovered, this time through Microsoft Word
Just days after Apple released its official Flashback trojan patch, another Java trojan has been discovered that could possibly infect Macs. The trojan is known as "LuckyCat." As Kaspersky Lab Expert Costin Raiu explains in a blog post, LuckyCat takes advantage of an exploit in Microsoft Word that allows malware to be spread via documents that take advantage of the CVE-2009-0563 vulnerability:
One of the biggest mysteries is the infection vector of these attacks. Given the highly targeted nature of the attack, there are very few traces. Nevertheless, we found an important detail which is the missing link: Six Microsoft Word documents, which we detect as Exploit.MSWord.CVE-2009-0563.a. In total we have six relevant Word .docs with this verdict -- with four dropping the MaControl bot. The remaining two drop SabPub.
The most interesting thing here is the history of the second SabPub variant. In our virus collection, it is named "8958.doc". This suggests it was extracted from a Word document or was distributed as a Doc-file.
Currently there are no details on how the average user can detect if they are infected with the LuckyCat trojan, nor how to remove it. One can expect that the Microsoft Word vulnerability will be patched in an Office for Mac update.
Just days after Apple released its official Flashback trojan patch, another Java trojan has been discovered that could possibly infect...
Subscribe to Newsletter
Software Updatesmore updates
- Readdle rolls out PDF Expert 5: iCloud support, shared folder with Documents by Readdle
- FlightTrack 5: new look and features just in time for holiday travel
- HBO Go for iOS update adds Google Chromecast support
- Haiku Deck updates iPad app, launches web-based cloud version
- Weather Underground iPhone app gets crowdsourced weather, iOS 7 style
- Apple updates iMovie, adds support for older Macs