Mac users warned of more Ocean Lotus malware targeted attacks

Researchers at Trend Micro are warning of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users.

The Ocean Lotus gang, also known as APT 32, has previously been linked to the Vietnamese government and watering hole attacks that compromised websites belonging to the likes of Cambodia’s Ministry of Defence, and various Vietnamese online newspapers and blogs.

One theory is that some of the malware attacks may have in the past been designed to assist local industry competing with foreign competitors.

According to Trend Micro, this new incarnation of the Ocean Lotus Mac malware appears to target Vietnamese users – using the icon of a Word document with a Vietnamese filename as a disguise, but in reality being an app bundled in a Zip archive.

Apparently the file’s title (“tìm nhà Chị Ngọc”) roughly translates to “find Mrs. Ngoc’s house”.

No, I don’t understand the relevance of that either, but I’m presumably not the person they’re targeting.

Upon launching the file, a Word document is displayed as a decoy while other malicious operations take place unnoticed by the user.

Once in place the malware can download additional code, and be remotely controlled by hackers to steal files and other information from the targeted Mac computer.
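
A triage check for the disguise described above, added here as an example and not taken from Trend Micro's report or from this post: it lists every macOS app bundle inside a Zip archive and reads its Info.plist, so an "application wearing a document icon" stands out before anyone double-clicks it. The icon hint list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import plistlib
import zipfile

# Assumption: icon file names that suggest a document; tune for your environment.
DOC_ICON_HINTS = ("doc", "word", "pdf", "xls")
PLIST_SUFFIX = ".app/Contents/Info.plist"
SAMPLE_BUNDLE = "tìm nhà Chị Ngọc.app"  # file title quoted in the article


def find_app_bundles(zip_bytes):
    """Return one finding per .app bundle present in a Zip archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            # Every macOS app bundle carries <Name>.app/Contents/Info.plist.
            if not name.endswith(PLIST_SUFFIX):
                continue
            try:
                info = plistlib.loads(zf.read(name))
            except Exception:
                info = {}  # unreadable plist: still report the bundle
            icon = str(info.get("CFBundleIconFile", ""))
            findings.append({
                "bundle": name[: -len("/Contents/Info.plist")],
                "executable": info.get("CFBundleExecutable"),
                "icon": icon,
                # An application with a document-style icon deserves a closer look.
                "document_like_icon": any(h in icon.lower() for h in DOC_ICON_HINTS),
            })
    return findings


def build_sample_zip():
    """Constructed sample: a harmless bundle skeleton, not the real malware."""
    plist = plistlib.dumps({"CFBundleExecutable": "run",
                            "CFBundleIconFile": "word.icns"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SAMPLE_BUNDLE + "/Contents/Info.plist", plist)
        zf.writestr(SAMPLE_BUNDLE + "/Contents/MacOS/run", b"#!/bin/sh\n")
        zf.writestr("notes.txt", b"plain file")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in find_app_bundles(build_sample_zip()):
        print(finding)
```
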

Sadly, many Mac users remain oblivious to the very real malware threat which exists for their operating system.

It’s true to say that there is a lot less Mac malware than there is for the Windows platform, but that does not mean that it does not exist at all – and you won’t be feeling too smug if you’re unlucky enough to be hit by a backdoor trojan like Ocean Lotus.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.
