OSX.BadWord

Short bio

OSX.BadWord is Malwarebytes' detection name for Word macro malware  targetting MacOs systems.

Type and source of infection

OSX.BadWord arrives as a Word document. OSX.BadWord uses a sandbox escape to create a launch agent on the system. This launch agent provides persistence to a Python script that sets up a Meterpreter backdoor. It relies on social engineering for a the user to open the malicious Word document and allow the macros to run.

Protection

Never allow macros to run in Microsoft Office documents, and you will be safe from this kind of malware.

Remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

IOCs

BitcoinMagazine-Quidax_InterviewQuestions_2018.docm
SHA-256: 4454e768b295ed2869f657b2e9f47421b6ca0548e67092735665cd339a41dddb

Related blog content

Flurry of new Mac malware drops in December

The state of Mac malware

Select your language

New Buy Online Partner Icon Warning Icon Edge icon