Macro malware has been spreading for years. New techniques arise all the time to hide malicious code and thus increase the difficulty of analysis. However, just targeting Microsoft Windows no longer seems to be enough for the malware authors. The Mac appears to be the new challenge, and attackers appear to be rising to this challenge.
In previous versions of macro threats, the malicious code was hidden in user forms and macros in Microsoft Office files. (See
Macro Malware Associated With Dridex Finds New Ways to Hide.) The latest member of this family seems to have learned a new trick or two, as we now will see.
- The malicious code is now hidden in the properties of Excel worksheet files:
