Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Uyghur Activists Once Again Targeted by Mac OS Malware

A malicious campaign that started last summer is once again targeting Uyghur activist groups in China. The latest developments in this year-long fight is a new variant of the documents used to target the activists earlier this year.

A malicious campaign that started last summer is once again targeting Uyghur activist groups in China. The latest developments in this year-long fight is a new variant of the documents used to target the activists earlier this year.

F-Secure reported that the variant was submitted to VirusTotal April 11 in China. The malicious email attachment uses an author tag of IUHRDF, which could be the International Uyghur Human Rights & Democracy Foundation. The payload itself is the same, a backdoor that targets Max OS X, and it targets vulnerabilities in Microsoft Word.

This latest attack has a history, as it’s tied to the “Luckycat” attacks that were discovered over a year ago by Kaspersky Lab and Trend Micro targeting Tibetan activists as well as people connected to military research, and aerospace and energy companies in India and Japan. Unlike this recent attack, the earliest version of the campaign targeted Java vulnerabilities.

While the payload remains the same, the method of infection changes depending on the latest software vulnerabilities. In June 2012, the person(s) controlling the campaign targeted activists by embedding a malicious JPEG photo and OS X application within a ZIP file.

Additional levels of attack against the activists also include malicious Android packages (APK), which were delivered last month. This twist targeted both Windows and Mac users. That campaign referenced the “World Uyghur Congress.” Shortly before Android, the attackers focused on PDF vulnerabilities.

“Although some of these attacks were observed during 2012, we’ve noticed a significant spike in the number of attacks during Jan 2013 and Feb 2013, indicating the attackers are extremely active at the moment,” Kaspersky’s Costin Raiu said of the previous version of this latest attack.

“With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users. In general, Mac users operate under a false sense of security which comes from the years old mantra that ‘Macs don’t get viruses’…”

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.