New MacOS Backdoor Linked to OceanLotus (Apr 4, 2018)

A new backdoor has been discovered and attributed to the Advanced Persistent Threat (APT) group OceanLotus (APT32, APT-C-00, SeaLotus, Cobalt Kitty), according to Trend Micro researchers. The backdoor, dubbed “OSX_OCEANLOTUS.D,” is distributed via a malicious Word document which itself is likely distributed via email. Once the document is opened, it requests the user to enable macros to “activate the compatibility mode for older version.”
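The delivery chain above rests on a macro-enabled Word document reaching a user by email. A mail gateway or attachment scanner can flag that stage before any lure text is seen: an OOXML document (.docx/.docm, a ZIP container) carries its macros in a `word/vbaProject.bin` part, and a legacy binary Office file (OLE compound file) stores a `_VBA_PROJECT` stream whose name is recorded in UTF-16LE. The following is an added example, not code from Trend Micro or from the OceanLotus report; the function names, the verdict strings and the sample attachments are constructed for illustration, and the OLE check is a byte-pattern heuristic rather than a full compound-file parser. It generalizes the Word case to Excel and PowerPoint OOXML parts as well.

```python
"""Flag Office attachments that carry VBA macros (added example, not from the report)."""
import io
import zipfile

# Magic bytes of an OLE compound file (legacy .doc/.xls/.ppt containers).
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Stream names in a compound file are stored as UTF-16LE; a VBA project
# always carries a "_VBA_PROJECT" stream, so this is a cheap presence check.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
# OOXML packages that are Office documents keep their parts under these prefixes.
OOXML_PART_PREFIXES = ("word/", "xl/", "ppt/")


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes by container type and macro presence.

    Verdicts (constructed for this example):
      'ooxml-macro'  - ZIP-based Office file containing a vbaProject.bin part
      'ooxml-clean'  - ZIP-based Office file with no VBA part
      'ole-macro'    - legacy compound file whose stream names include _VBA_PROJECT
      'ole-unknown'  - legacy compound file with no VBA marker found
      'not-office'   - anything else
    The file extension is deliberately ignored: a macro-enabled .docm renamed
    to .doc still opens in Word and still prompts to enable macros.
    """
    if data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "not-office"
        if not any(n.startswith(OOXML_PART_PREFIXES) for n in names):
            return "not-office"
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        return "ooxml-macro" if has_vba else "ooxml-clean"
    if data.startswith(OLE_MAGIC):
        return "ole-macro" if OLE_VBA_MARKER in data else "ole-unknown"
    return "not-office"


def should_quarantine(verdict: str) -> bool:
    """Policy hook: hold any attachment whose verdict indicates embedded VBA."""
    return verdict in ("ooxml-macro", "ole-macro")


def scan_attachments(attachments: dict) -> list:
    """Return (filename, verdict, quarantine) triples for a message's attachments."""
    results = []
    for name, blob in attachments.items():
        verdict = classify_attachment(blob)
        results.append((name, verdict, should_quarantine(verdict)))
    return results


def build_docx(with_macro: bool) -> bytes:
    """Construct a minimal OOXML package in memory (sample input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()


# Constructed legacy-format samples: an OLE header followed by padding, with or
# without the UTF-16LE "_VBA_PROJECT" stream name somewhere in the body.
CONSTRUCTED_OLE_WITH_VBA = OLE_MAGIC + b"\x00" * 64 + OLE_VBA_MARKER + b"\x00" * 16
CONSTRUCTED_OLE_PLAIN = OLE_MAGIC + b"\x00" * 96

if __name__ == "__main__":
    sample_message = {
        "invoice.doc": build_docx(True),        # macro-enabled OOXML hiding behind .doc
        "notes.docx": build_docx(False),
        "legacy.doc": CONSTRUCTED_OLE_WITH_VBA,
        "old-memo.doc": CONSTRUCTED_OLE_PLAIN,
        "readme.txt": b"plain text",
    }
    for name, verdict, hold in scan_attachments(sample_message):
        print(f"{name:14} {verdict:12} quarantine={hold}")
```

Macro presence is a signal for triage, not proof of malice; organisations with legitimate macro workflows would pair this with sender verification or an allow-list of signed projects rather than blocking outright. A full-fidelity check of legacy files would parse the compound-file directory instead of searching for the stream name, but the heuristic above catches the common case without extra dependencies.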

Recommendation: All employees should be educated on the risks of phishing, specifically how to identify such attempts and whom to contact if a phishing attack is identified. It may also be useful for employees to stop using email attachments in favor of a cloud file hosting service like Box or Dropbox.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.