Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS systems.
The rogue emails appear to target Tibetan activist organizations and distribute booby-trapped Microsoft Word documents that exploit a known remote code execution vulnerability in Microsoft Office for Mac, according to malware experts from security firm AlienVault.
"This is one of the few times that we have seen a malicious Office file used to deliver Malware on Mac OS X," said AlienVault security researcher Jaime Blasco in a blog post on Tuesday.
Security researchers from Mac antivirus vendor Intego believe that the attacks might become more widespread. "This malware is fairly sophisticated, and it is worth pointing out that the code in these Word documents is not encrypted, so any malware writer who gets copies of them may be able to alter the code and distribute their own versions of these documents," they said in a blog post on Thursday.
"The attack will be very effective on those who have not updated their copies of Microsoft Office, or aren't running antivirus software," the Intego researchers said.