New CallMe malware discovered
Posted on February 13th, 2013 at 2:11 PM EDT
Intego announced today the discovery of a new Mac trojan, which they are calling OSX/CallMe.A. This malware is spread through maliciously-crafted Microsoft Word documents that, when opened, result in a backdoor being installed. The backdoor in question sounds very simple, giving the hackers the ability to run commands (through a bash shell) and steal the user’s Address Book data.
Fortunately, this malware poses very little risk to anyone, for two reasons. First, it’s yet another case of an attack targeted specifically at Tibetan activists. If you’re not a Tibetan activist, you’re not likely to ever see this malware, much like the other bits of malware that have been aimed at Tibetans (Tibet, Sabpab and Dockster).
Even if you’re a Tibetan activist, though, you still aren’t likely to fall victim, for a second reason: the malware relies on exploiting CVE-2009-0563, a very old Microsoft Word vulnerability. Microsoft released an update that fixed this vulnerability in affected versions of Word back in June of 2009. So, the only people who have any chance at all of being infected with this malware are Tibetan activists who haven’t installed any Microsoft Office updates in almost 4 years. I’m sure there are a few of them out there, but probably not very many. Everyone else can rest easy, knowing that we’re safe from this one.
13 Comments
Let me guess: it steals your Address Book data to send spam to your contacts?
I bet almost all activists are using Open Office… I wonder if this only affects Microsoft or any other file compatible products?
The vulnerability was only in Microsoft Office, not any other Office-compatible programs.
Any idea why it’s called CallMe?
No idea whatsoever.
I think this virus calls home and sends data about the activist’s location…
Possibly it doesn’t even do anything else, other than sending IP, address (map or DNS server)…
Maybe it’s just a “ping virus”…
…Then they can enter the activist’s computer from the backdoor the “ping virus” just created… If the location is not based in the “hacker criteria” they don’t even exploit it…
But it’s just my thoughts… Maybe the government is the “hacker”…
It doesn’t really make sense… it doesn’t have anything to do with phones, does it?
Who names malware anyway?
Thanks for your site. I found it today wondering if I needed antivirus software, and what the risks are relative to Windows (my historical perspective). You are bookmarked.
Thanks again.
@ Iamthewalrus: you can say that again!!
@Someone:
I don’t need a cell phone to call you. I can simply yell or write you a letter. I think the name is based on the “type”, not on the “consequence”…
Most internet still uses phone lines, but in the future I think we will exclude this “pre-historic” connection and use radio waves only…
Whoever discovers the virus gives the name. It’s like astronomy/science, you discover a planet or species and you have the right to name it…
Ah, I see… Well, that makes sense…