The antivirus company Trend Micro has discovered a new backdoor macOS, related to OceanLotus. OceanLotus, also known as APT32, is a hacking group that began to be active in 2017. They launched attacks against human rights organizatis, media organizatis, research institutes, and corporatis maritime cstructi. OSX_OCEANLOTUS.D. It targets Mac with the installed Perl programming language. It was first found in a malicious Word document, and it probably spread through e-mail.
The document has the file name "2018-PHIẾU GHI DANH THAM DỰ TỰNH HỘI HMDC 2018.doc", which means "2018-REGISTRATI FORM OF THE HMDC ASSEMBLY." It claims to be a form d & rsquo; Registrati for an HDMC event. HDMC is a Vietnamese organizati that announces the Natial Independence and Democracy
MacOS backdoor code excerpt from the obfuscated document.
When somee receives the document, they will advise you to enable Word macros, …